The General Data Protection Regulation presents the greatest overhaul of data laws in Europe in 20 years; however, its effect goes beyond the borders of the European Union.
Not only is the landscape of data law changing, but with data breaches from Equifax and Facebook, it’s now more important than ever that businesses remain careful and trustworthy data stewards.
This talk will provide an overview of the major changes brought in by the GDPR, what WordPress is changing to allow compliance, and why data privacy is becoming an even greater issue in the minds of consumers.
Presented by Brendan Woods @brendan_woods at WordCamp Sydney 2018
WordPress is for a free internet
● WordPress is a bastion of the free internet
● Stands for equal opportunity, to allow anyone to bring a great idea to life no matter where they are.
● We must stand for ethical data practice. To protect the vulnerable.
The General Data Protection Regulation (GDPR) is a new regulation that acts as an addendum and overhaul of the European Union's (EU) existing data privacy laws
Does GDPR apply to me?
- Any company processing the personal data of subjects who are in the Union.
- It doesn’t matter where the company is located.
Do I really need to follow?
● Previous fines under the DPD were much smaller, up to £500k in the UK.
● Now, failure to comply can result in fines up to €20 million or 4% of global revenue, whichever is more.
● Enforced internationally.
● IP addresses and mobile IDs are now included as personal data.
● Geolocation data.
● Sensitive personal data
○ Health, sexual orientation, race, religion, political opinion.
○ Also includes biometric data - fingerprints, retina scans, genetic data.
● Explicit consent must be obtained, no more pre-ticked boxes and vague
● Revoking consent must be just as easy.
● GDPR applies to some data already collected.
○ Some companies will need to re-establish consent.
● Data must be used only for the purpose for which it was collected.
● Companies have a 72-hour deadline to report data breaches to their relevant Data Protection Authority.
● Breach must be reported to users/customers without “undue delay”.
● Due to this difficult clause, companies will need reporting policies and procedures, as well as breach templates.
My New Rights
● Data subjects are able to request to be forgotten, i.e. the right to erasure.
● The right to restrict processing
● Data Portability
● Knowledge of profiling
● The WP 4.9.6 release implemented a set of changes to help site owners with compliance
● Comment Consent (check language)
● Data export and erasure feature
● Gaps in localisation