The User - Profile History plugin is an incredible tool, useful outside of the GDPR scope. On one site I manage, there are nearly a dozen admins. With that many fingers in the pie, this plugin has come to the rescue many times. It stores the previous value, the new value, and the user who made the change. Finger pointing doesn't happen anymore, and admins are actually more careful about what they do, knowing that their actions are being recorded.
Let's get back to GDPR implementation! Where this plugin fits into the GDPR puzzle is the Right to Access provisions. Specifically, when their data is being processed as it relates to the Joomla site and maintenance of their user account.
Out of the box, this plugin monitors standard Joomla user fields (name, username, password, email), assigned user groups, basic settings (timezone, editor, language, etc), the Joomla User Profile plugin (and others that are implemented in that manner), and Joomla Custom User Fields (such as the TOS). It is written in such a way as to allow additional plugins to monitor other areas and components within Joomla. If you need something custom monitored for changes, please contact me to discuss your needs.
Downloading User - Profile History
To download the extension, you must be a subscriber to either User - Profile History or to the GDPR Bundle. By popular demand, I created the bundle to make it easier to purchase all of the GDPR extensions at once (turning 3 trips to Paypal/Stripe into 1). To reward users for buying the bundle, I gave it a 20% discount.
Once purchased, the GDPR Bundle page and the User - Profile History page will present download links in a section labeled "You are a subscriber".
In /administrator, go to Extensions > Manage > Install. Browse for the plugin you downloaded and press the install button. You should soon see a success message.
Browse to Extensions > Plugins and search for "History". One of the results should be "User - Profile History" and you should have 5 more entries that begin with "Profile History - ". Click the red X next to the plugin to enable it. Or you can check all the boxes next to the plugins and press the "Enable" button in the menu
When you're finished, all six should have a green check as seen in this screenshot:
All configurations are made in the User - Profile History plugin. There are 2 settings in this plugin, but don't let that fool you. Each is a repeating field accepting a virtually unlimited number of entries.
The first is "Ignore Fields". These are fields which can be changed and not recorded. You may consult your legal council regarding ignoring fields, as it may not be GDPR compliant. This extension was written to be useful outside of GDPR regulations.
The second (located on the "Change Notification" tab) deals with notifications. This is where your GDPR specific configurations are made.
Items specified here will trigger a notification when changed. The notification can be sent to the admin, the user or both. You will likely need to specify most, if not all of your user fields in order to maintain compliance. There may be cases where the data is used entirely for internal purposes, but you should consult with your legal council to determine what can be omitted.
The flexibility of monitored elements required a unique method of identifying fields. I found that a dot path fit my use case, so in order to identify fields, you need to understand how the dot path is created. More on that on the next page.
Rather than try to explain it in text, I'll refer you to the tutorial video I created on the subject. This video is also linked from within the plugin.
When you have configured all of your notification triggers, the job is done.