The Fields - Terms of Service (TOS) plugin provides the ability to present users with a field they MUST accept prior to continuing with registration and/or saving their profile. This plugin links the field label to an article (in a modal window) and will not allow the form to be submitted until the user accepts the term. Where this differs from the Joomla User Profile plugin and its "Terms of Service" field is that where the Profile plugin offers one terms field, this plugin allows you to create as many TOS fields as you like. When paired with the System - Required Fields plugin, you can force users to accept new terms that were created after they registered.
Keeping with the GDPR guidelines, the fields will ALWAYS default to "No", requiring users to actually click the radio to agree. Requiring the users to select the agree meets Citation 32 of the regulation. Something important to note. The TOS fields should not be used for arbitrary items which are not critical to the operation of your site. As these fields require consent, using them for non-critical reasons may run afoul of Citation 42 of the GDPR, which states:
"Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment."
If the term for which you seek consent is not critical to the operation of your site, you may want to create it using the procedure detailed in Non-Mandatory Consent Fields.
The nature of this plugin makes configuration complicated. This guide will take you step-by-step to deployment of a new TOS field. You need the plugin to begin.
Download the Fields - Terms of Service Plugin
To download the extension, you must be a subscriber to either Fields - Terms of Service or to the GDPR Bundle. By popular demand, I created the bundle to make it easier to purchase all of the GDPR extensions at once (turning 3 trips to Paypal/Stripe into 1). To reward users for buying the bundle, I gave it a 20% discount.
Once purchased, the GDPR Bundle page and the Fields - Terms of Service page will present download links in a section labeled "You are a subscriber".
In /administrator, go to Extensions > Manage > Install. Browse for the plugin you downloaded and press the install button. You should soon see a success message.
Browse to Extensions > Plugins and search for "Terms". One of the results should be "Fields - Terms of Service". Click the red X next to the plugin to enable it. When you're finished, it should have a green check next to it as seen in this screenshot:
Before you create your first TOS field, you need an article to link to. Review the GDPR guidelines for specifics, but the general idea is that these terms are simple and easy to understand. The best example of a term would be a single, short sentence. This article you are creating is a slightly longer description of your term - but again, keep it simple or you may run afoul of the intent of this portion of the GDPR. The simple version of your term will be used as the field label during registration and will trigger a popup/modal window containing the longer terms article.
How you organize terms on your site is up to you, but I encourage you to have a system of organization. Additionally, you should consult legal council before altering any term article that any user has already consented. Doing so may render the previous consent void. Please consult with legal council. My suggestion is to amend terms with additional terms, but never alter terms unless resolving a typographical error.
Creating the Field
Once you've created articles for each of your fields, it's time to create the fields themselves. If you have a lot of terms, you may want to consider the organization of terms as they are displayed to users. If you don't create field groups, you may end up with all of your terms fields bunched together in an automatic field group named "Fields", which might be confusing to users.
Before creating the field, create the group where your related TOS fields will be displayed together (otherwise they end up in an automatic group called "Fields" which doesn't look very good). On this site, the terms are all children of the "Terms" group - it's simple, but effective and clear. For the purposes of this instruction, I will assume that you took that advice and want to create a "Terms" field group, so that is where we will begin. The name of the group isn't set in stone - you can name it anything you like, and you can have as many as you need to organize your terms logically.
Browse to Users > Field Groups
Create a new Group, name it "Terms"
Browse to Users > Fields
Create a new field. The label should be (as described on a previous page, and in Citation 42 of the GDPR) a simple description of the consent you wish to receive. If it's longer than a sentence, it is too long. Keep it simple, use the terms document to explain further if necessary. I like to make my title and labels match, so they are easily identifiable in the fields listing.
Select "Terms of Service" as the type. When the page refreshes, change the "Required" setting to "Yes" - this is important for configuration of the System - Required Fields plugin.
At the bottom, select the terms article you created previously.
To the right, choose the appropriate "Field Group" - if you're following this guide closely, that group will be named "Terms"
When finished, it should look like this:
Click "Save" (do not close it, we aren't done yet)
After saving, the "Name" field should auto-populate. Our last configuration is on the "Permissions" tab.
In Permissions, change the Public > Edit Custom Field Value setting to "Allow". Your screen should look like this:
Now you can "Save and Close" this field.
This is not quite the end of our configuration for this field. This field will be displayed and required for users at registration, but if you add new terms - the user will not be required to agree unless they edit their profile. To resolve this issue, the configuration of this field continues with the installation and configuration of the System - Required Fields plugin.
* One of the first GDPR Bundle subscribers pointed out that the "Public - Edit Custom Field Value" permissions can be set on the field group. If you make this setting on the field group, any field in that group inherits the permission. If you choose to go this route, you can skip the permission step on the creation of each field. - Thanks for the tip Michele!
This is the end, of this small piece
You've completed setting up one piece of the GDPR, but there are many parts to this law. Explore other implementation guides in this site to get closer to compliance.