4. Less than 100 days to go, and all I got was this
not-so-plain T-shirt Policy Text to put on my website
Where do we store Personal Identifiable Information on our online services?
Do we have actual procedures and tools in place to cope with user/customer requests?
What about data breaches?
The interpretation of the regulation seems to change each week (but not the law itself!)
GDPR Checklist
5. We need a unified way to identify where Personal Identifiable Information is stored across various plugins and in core in any WordPress instance
6. A series of hooks and filters provide a methodology
on how to provide pointers to personal data
7. We started with a PHP Object Interface
It was way too broad
Together with Peter Suhm (@petersuhm) from
WPPusher.com I asked the community to figure out
what was happening on the GDPR scene
- not much it turned out...
So with the help of
Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen,
Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel
Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...
8. We steered it towards a more WordPressy direction
Hooks and Filters
The Community rejoiced and our first Office Hours
meeting on Slack #gdpr-compliance was...
messy to say the least
9. Now, the #gdpr-compliance weekly office hours are
Focused, fewer people
But dedicated
A small team is working hard on implementing the
GDPR ‘interface’ into WordPress Core
- and it’s not an interface anymore
10. We try to solve the simplest 3 things first
by doing what we’ve always done with data
- Create Read Update Delete
12. The Right to be Forgotten / Data Portability
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
13. The Right to be Forgotten / Data Portability
We say anonymized, since most systems would break if you went and deleted data that is tied into statistics, logs, or transactional data. But if a system deletes data - that’s OK too.
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
14. The Right to be Forgotten / Data Portability / Data Breach Notification
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_()
15. Plugins that store Personal Identifiable data provide
pointers to where and what they store
And how long and why they store it
(eventually)
16. That way - plugins can store data as they see fit
In the Database
In files
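
The pattern from slides 12 to 16, as an added example that is not from the slides or from WordPress Core: a plugin registers pointers to the personal data it holds, and anonymizes it on an erasure request. It is written against the `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters and the `wp_privacy_anonymize_data()` helper that shipped in WordPress 4.9.6, after these slides were made; the plugin name, the `acme_` functions and the `acme_signup_ip` meta key are hypothetical.

```php
<?php
/* Plugin Name: Acme Signup Privacy (hypothetical example plugin, not from the slides) */

// Assumption: this plugin keeps each user's signup IP in user meta under this key.
const ACME_IP_META = 'acme_signup_ip';

// Pointer for "Read": register an exporter so core can ask what we hold.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['acme-signup'] = array(
		'exporter_friendly_name' => 'Acme Signup',
		'callback'               => 'acme_signup_export',
	);
	return $exporters;
} );

// Pointer for "Delete": register the matching eraser.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['acme-signup'] = array(
		'eraser_friendly_name' => 'Acme Signup',
		'callback'             => 'acme_signup_erase',
	);
	return $erasers;
} );

function acme_signup_export( $email_address, $page = 1 ) {
	$items = array();
	$user  = get_user_by( 'email', $email_address );
	$ip    = $user ? get_user_meta( $user->ID, ACME_IP_META, true ) : '';
	if ( $ip ) {
		$items[] = array(
			'group_id'    => 'acme-signup',
			'group_label' => 'Acme Signup',
			'item_id'     => 'acme-signup-' . $user->ID,
			'data'        => array( array( 'name' => 'Signup IP', 'value' => $ip ) ),
		);
	}
	return array( 'data' => $items, 'done' => true );
}

function acme_signup_erase( $email_address, $page = 1 ) {
	$user = get_user_by( 'email', $email_address );
	$ip   = $user ? get_user_meta( $user->ID, ACME_IP_META, true ) : '';
	if ( $ip ) {
		// Anonymize rather than delete, so rows tied to statistics or logs stay valid.
		update_user_meta( $user->ID, ACME_IP_META, wp_privacy_anonymize_data( 'ip', $ip ) );
	}
	return array( 'items_removed' => (bool) $ip, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```

Core calls both callbacks with the requester's email address and a page number, so a plugin with many records can return `'done' => false` and be called again for the next page.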
20. Current Status as of March 2018:
Adopted by WordPress and currently being implemented into Core
21. + Show which plugins are GDPR compliant
+ Collect Policy Texts from each plugin, and provide a centralized Policy Text pagebuilder
+ Notify GDPR authorities within your country of data breaches
+ Provide standardized anonymization of email addresses, Names, IP, GEO data …
+ ??
And soon a bunch of plugins on the repository that extend the new data-structure with new features