feat: Joomla data compliance framework — GDPR/CCPA enforcement across all packages #248

Open
opened 2026-06-23 15:54:43 +00:00 by jmiller · 1 comment
Owner

Summary

All MokoSuite packages must be Joomla data-compliant AND leverage MokoSuiteClient's data compliance features. This is a platform-wide requirement.

Joomla Data Compliance (all packages must implement)

  • Privacy plugin — each package registers a plg_privacy_mokosuite{name} that reports what personal data it stores
  • Data export — implement onPrivacyExportRequest to export user's data in XML format
  • Data deletion — implement onPrivacyRemoveData to anonymize or delete user data
  • Consent tracking — use Joomla's com_privacy consent system for data collection
  • Cookie consent — modules with frontend tracking register cookies with Joomla's consent manager
  • Data retention — configurable retention periods per data type, auto-purge via TaskPlugin

MokoSuiteClient Compliance Features (all packages use)

  • Privacy Guard integration — leverage Client's existing Privacy Guard for data subject requests
  • Anonymization helper — shared AnonymizeHelper for consistent data anonymization across modules
  • Audit logging — all personal data access logged via Joomla Action Logs (com_actionlogs)
  • Right to portability — export all module data for a contact in machine-readable format
  • Right to be forgotten — cascade deletion/anonymization across all installed modules
  • Data breach notification — ntfy alert when bulk data export detected

Per-Module Personal Data

| Module | Personal Data Stored |
|--------|----------------------|
| CRM | contacts, emails, phone, address, deals, invoices, appointments |
| ERP | vendor contacts, purchase history, bank details |
| POS | transaction history, payment methods |
| Shop | customer accounts, orders, addresses, payment info |
| HRM | employee SSN, bank, address, performance, leave |
| Beauty | client profiles, color formulas, allergies, birthday |
| Auto | buyer info, financing details, driver license |
| Support | conversation history, visitor info, email |
| Child | child records, parent contacts, medical info, immunizations |
| Library | patron records, checkout history |
| Event | attendee records, dietary preferences |
| Construction | subcontractor contacts, insurance info |

Technical Notes

  • Each package ships a plg_privacy_mokosuite{name} plugin in its package
  • Privacy plugins implement Joomla\Component\Privacy\Administrator\Plugin\PrivacyPlugin
  • onPrivacyExportRequest returns Joomla\Component\Privacy\Administrator\Export\Domain objects
  • Client's AnonymizeHelper replaces PII with [REDACTED] or generates fake data
  • Encrypted fields (CRM #74) require key access for deletion — log key destruction
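
The privacy-plugin contract listed under Technical Notes, sketched as an added example (not MokoSuite's code and not part of the issue text). The namespace, class, table `#__mokosuite_crm_contacts` and its columns are hypothetical; it assumes a Joomla version where `PrivacyPlugin` provides `getDatabase()`, and it writes the `[REDACTED]` marker directly because `AnonymizeHelper`'s API is not shown on this page.

```php
<?php
// Added illustration: namespace, class, table and column names are hypothetical.
namespace Moko\Plugin\Privacy\MokosuiteCrm\Extension;

use Joomla\CMS\User\User;
use Joomla\Component\Privacy\Administrator\Plugin\PrivacyPlugin;
use Joomla\Component\Privacy\Administrator\Table\RequestTable;
use Joomla\Database\ParameterType;

final class MokosuiteCrm extends PrivacyPlugin
{
    private const TABLE = '#__mokosuite_crm_contacts'; // hypothetical table

    /** Export every contact row linked to the requesting user as one Domain. */
    public function onPrivacyExportRequest(RequestTable $request, ?User $user = null): array
    {
        if (!$user) {
            return []; // no linked account, so nothing can be attributed here
        }
        $db     = $this->getDatabase();
        $userId = (int) $user->id;
        $query  = $db->getQuery(true)
            ->select('*')
            ->from($db->quoteName(self::TABLE))
            ->where($db->quoteName('user_id') . ' = :uid')
            ->bind(':uid', $userId, ParameterType::INTEGER);
        $domain = $this->createDomain('mokosuite_crm_contacts', 'CRM contact records');
        foreach ($db->setQuery($query)->loadAssocList() as $row) {
            $domain->addItem($this->createItemFromArray($row, $row['id']));
        }
        return [$domain];
    }

    /** Overwrite PII columns in place so related rows keep a valid foreign key. */
    public function onPrivacyRemoveData(RequestTable $request, ?User $user = null): void
    {
        if (!$user) {
            return;
        }
        $db       = $this->getDatabase();
        $userId   = (int) $user->id;
        $redacted = '[REDACTED]';
        $query    = $db->getQuery(true)->update($db->quoteName(self::TABLE));
        foreach (['name', 'email', 'phone', 'address'] as $i => $column) {
            $query->set($db->quoteName($column) . ' = :v' . $i)->bind(':v' . $i, $redacted);
        }
        $query->where($db->quoteName('user_id') . ' = :uid')->bind(':uid', $userId, ParameterType::INTEGER);
        $db->setQuery($query)->execute();
    }
}
```

Both handlers use bound parameters only, and the removal path anonymizes rather than deletes so that rows in other modules referencing the contact remain consistent.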
Author
Owner

Branch created: feature/248-feat-joomla-data-compliance-framework-gd

```bash
git fetch origin
git checkout feature/248-feat-joomla-data-compliance-framework-gd
```
Reference: MokoConsulting/MokoSuiteClient#248