The GDPRWP.com project has come a long way since it starts in November of 2017. This is a small summary of events and current status March 2018

1. GDPR for WP
A technical solution
to the legal
mumbo jumbo

2. GDPR
… is comming

3. wordpress.slack.com
#gdpr-compliance
TRAC.WordPress.org
core.trac.wordpress.org/query?status=!closed&keywords=~g
dpr
Participate

4. Less than 100 days to go, and all I got was this
not-so-plain T-shirt Policy Text to put on my website
Where do we store
Personal
Identifiable
Information on our
online services?
Do we have actual
procedures and
tools in place to
cope with
user/customer
requests?
What about data
breaches?
The interpretation of the regulation seem to change each week
(but not the law itself!)
GDPR
Checklist

5. We need a unified way to identify where Personal
Identifiable Information is stored across various
plugins and i core in any WordPress instance

6. A series of hooks and filters provide a methodology
on how to provide pointers to personal data

7. We started with a PHP Object Interface
It was way too broad
Together with Peter Suhm (@petersuhm) from
WPPusher.com I asked the community to figure out
what was happening on the GDPR scene
- not much it turned out...
So with the help of
Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen,
Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel
Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...

8. We steered it towards a more WordPressy direction
Hooks and Filters
The Community rejoiced and our first Office Hours
meeting on Slack #gdpr-compliance was...
messy to say the least

9. Now, the #gdpr-compliance weekly office hours are
Focused, less people
But dedicated
A small team is working hard on implementing the
GDPR ‘interface’ into WordPress Core
- and it’s not an interface anymore

10. We try to solve the
simplest 3 things
first
by doing what we’ve always done with data
- Create Read Update Delete

11. Data Portability
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_export_personal_data()

12. The Right to be ForgottenData Portability
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

13. The Right to be ForgottenData Portability
We say anonymized, since most
systems would break if you went and
deleted data that is tied into statistics,
logs, or transactional data. But if a
system deletes data
- that’s OK too.
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

14. The Right to be ForgottenData Portability Data Breach Notification
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_()

15. Plugins that store Personal Identifiable data provide
pointers to where and what they store
And how long and why they store it
(eventually)

16. That way - plugins can store data as they see fit
In the
Database
In files

17. Hip cloud
plugin right
here
In the
Database
Some might even store it in The Cloud

18. It’s OK - but keep it in an EU
(approved) country
Clouds hovering
EU acceptable territory
only

19. Hip cloud
plugin right
here
In the
Database
With the standard methodology
we can create tools to work on that data

20. Current Status as of March 2018 :
Adopted by WordPress and currently being
implemented into Core

21. + Show which plugins are GDPR compliant
+ Collect Policy Texts from each plugin, and
provide a centralized Policy Text pagebuilder
+ Notify GDPR authorities within your country of
data breaches
+ Provide standardized anonymization of email
addresses, Names, IP, GEO data …
+ ??
And soon a bunch of plugins on the repository that
extends the new data-structure with new features

22. Plain text policyConsent Backup-compatibility
Next steps ...

23. Lets talk GDPR
The official #GDPR-Compliance chat
every wednesday 17:00 UTC
wordpress.slack.com
Kåre Mulvad Steffensen
kms@peytz.dk