TYPO3 CMS core provides the following APIs to improve website users’ privacy and help website owners comply with the GDPR.
Access and User Management
TYPO3 CMS has sophisticated user and group management in order to grant permission to required information only. Private data like orders or submitted forms are only visible to editors who need to interact with this data.
Read more about User Management in TYPO3 CMS.
TYPO3 developers can employ several different strong password hashing algorithms to secure user passwords. By using random salts, developers can avoid the possibility that an attacker could extract passwords from rainbow tables.
Read more about Salted Passwords in TYPO3 CMS.
Removal of Old Data
A scheduler task makes it possible to remove not relevant data from the system. Typical examples are:
Read more about TYPO3 CMS Scheduler to manage tasks.
Anonymize IP addresses
An extension developer can use an API to retrieve the anonymized IP address and use only that for further processing.
A scheduler task makes it also possible to anonymize IP address of database records after a given time, e.g. anonymize the IP addresses of logs after 180 days.
Read more about scheduling tasks.