We all know that we need to take care about data privacy stuff until 25th of May. That is right for my website, too. But I also need to make sure Event Gallery is covered and help you to get compliant.
The next release will add a new chapter in the manual which describes, how Event Gallery collects data.
Also, there will be some changes codewise. Right now there are a couple of external scripts loaded. Even if this is in the backend, I remove them to avoid that somebody has to deal with that.
If you use Event Gallery for showing images only, you're fine. It needs the Joomla! session, nothing more.
Things will get more complicated if you use comments. Right now a user-comment is stored together with the name, email and IP of the user. I don't plan to change the implementation to be able to remove or export data. The opposite will happen. You can consider comments as gone. I will delete this feature. GDPR is not the primary reason. It is just an old feature and GDPR gives it the last push to die.
But what about that order stuff in Event Gallery? I'll take care of that! My current idea is to support the new GDPR-features of Joomla!. A couple of days ago Joomla! announced some improvements regarding GDPR. There will be a new privacy component which can show all the data your installed extensions collect. Event Gallery will support that once it is ready. As a result, it is clear which data Event Gallery collects.
What about data export? I still think about how to implement that. There are four places where we collect data: