
GDPR, WordPress and You.

The General Data Protection Regulation presents the greatest overhaul of data laws in Europe in 20 years; however, its effect goes beyond the borders of the European Union.

Not only is the landscape of data law changing, but with data breaches from Equifax and Facebook, it’s now more important than ever that businesses remain careful and trustworthy data stewards.

This talk will provide an overview of the major changes brought in by the GDPR, what WordPress is changing to allow compliance, and why data privacy is becoming an even greater issue in the minds of consumers.

Presented by Brendan Woods @brendan_woods at WordCamp Sydney 2018

Published in: Internet

  1. GDPR, Data Privacy and WordPress
  2. Brendan Woods Team Lead, XWP @brendan_woods brendan.woods@xwp.co https://xwp.co/ not a lawyer
  3. Ethical Commercial Legal
  4. Ethical Commercial Legal
  5. War is 90% information. ~Napoleon Bonaparte
  6. Data = Power
  7. WordPress is for a free internet ● WordPress is a bastion of the free internet ● Stands for equal opportunity, to allow anyone to bring a great idea to life no matter where they are. ● We must stand for ethical data practice. To protect the vulnerable.
  8. Ethical Commercial Legal
  9. Data is Essential ● Understanding your market ● Cost saving / time reduction ● Product development ● Enhanced service
  10. Being a Good Data Steward ● Data awareness is growing, and consumers are becoming far more sceptical ● This is an opportunity to build consumer trust.
  11. Ethical Commercial Legal
  12. The General Data Protection Regulation (GDPR) is a new regulation that acts as an addendum and overhaul of the European Union's (EU) existing data privacy laws
  13. Does GDPR apply to me? - Any company processing the personal data of subjects who are in the Union. - It doesn’t matter where the company is located.
  14. Do I really need to follow? ● Previous fines under the DPD were much smaller, up to £500k in the UK. ● Now, failure to comply can result in fines up to €20 Million or 4% of global revenue, whichever is more. ● Enforced Internationally.
  15. Major Changes Data Types Consent Breaches New Rights
  16. Data Types ● IP address and mobile IDs now included as personal data. ● Geolocation data. ● Sensitive personal data ○ Health, sexual orientation, race, religion, political opinion. ○ Also includes biometric data - fingerprints, retina scans, genetic data.
  17. Consent ● Explicit consent must be obtained, no more pre-ticked boxes and vague statements. ● Revoking consent must be just as easy. ● GDPR applies to some data already collected. ○ Some companies will need to re-establish consent. ● Must be used only for the purpose it was collected.
  18. Breaches ● Companies have a 72 hour deadline to report data breaches to their relevant Data Protection Authority. ● Breach must be reported to users/customers without “undue delay”. ● Due to this difficult clause, companies will need reporting policies and procedures, as well as breach templates.
  19. I just want my phone call
  20. My New Rights ● Data subjects are able to request to be forgotten. I.e. The right to erasure. ● The right to restrict processing ● Data Portability ● Knowledge of profiling
  21. WordPress Core ● WP 4.9.6 Release implemented a set of changes to help site owners with compliance ● Comment Consent (check language) ● Data export and erasure feature ● Privacy policy generator ● Gaps in localisation Leo Postovoit
  22. So what should I be doing?
  23. Next Steps ● Check your plugins ■ Google Analytics ■ Email opt in ■ Cookie consent ● Create a Privacy Policy ● SSL and Encryption
  24. The most important questions ● What data am I collecting? ● Where am I storing it? ● Why am I collecting it? ● Did I get proper permission to have it?
  25. What kind of future do we want?
  26. Questions & Comments @brendan_woods