GDPR for WP Status

•

2 likes•1,664 views

The GDPRWP.com project has come a long way since it starts in November of 2017. This is a small summary of events and current status March 2018

Technology

GDPR for WP
A technical solution
to the legal
mumbo jumbo

wordpress.slack.com
#gdpr-compliance
TRAC.WordPress.org
core.trac.wordpress.org/query?status=!closed&keywords=~g
dpr
Participate

Less than 100 days to go, and all I got was this
not-so-plain T-shirt Policy Text to put on my website
Where do we store
Personal
Identifiable
Information on our
online services?
Do we have actual
procedures and
tools in place to
cope with
user/customer
requests?
What about data
breaches?
The interpretation of the regulation seem to change each week
(but not the law itself!)
GDPR
Checklist

We need a unified way to identify where Personal
Identifiable Information is stored across various
plugins and i core in any WordPress instance

A series of hooks and filters provide a methodology
on how to provide pointers to personal data

We started with a PHP Object Interface
It was way too broad
Together with Peter Suhm (@petersuhm) from
WPPusher.com I asked the community to figure out
what was happening on the GDPR scene
- not much it turned out...
So with the help of
Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen,
Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel
Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...

We steered it towards a more WordPressy direction
Hooks and Filters
The Community rejoiced and our first Office Hours
meeting on Slack #gdpr-compliance was...
messy to say the least

Now, the #gdpr-compliance weekly office hours are
Focused, less people
But dedicated
A small team is working hard on implementing the
GDPR ‘interface’ into WordPress Core
- and it’s not an interface anymore

We try to solve the
simplest 3 things
first
by doing what we’ve always done with data
- Create Read Update Delete

Data Portability
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_export_personal_data()

The Right to be ForgottenData Portability
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

The Right to be ForgottenData Portability
We say anonymized, since most
systems would break if you went and
deleted data that is tied into statistics,
logs, or transactional data. But if a
system deletes data
- that’s OK too.
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

The Right to be ForgottenData Portability Data Breach Notification
>
>
3 things: Read - Delete - Notify
wp_ajax_wp_privacy_[ Still being developed ]_()

Plugins that store Personal Identifiable data provide
pointers to where and what they store
And how long and why they store it
(eventually)

That way - plugins can store data as they see fit
In the
Database
In files

Hip cloud
plugin right
here
In the
Database
Some might even store it in The Cloud

It’s OK - but keep it in an EU
(approved) country
Clouds hovering
EU acceptable territory
only

Hip cloud
plugin right
here
In the
Database
With the standard methodology
we can create tools to work on that data

Current Status as of March 2018 :
Adopted by WordPress and currently being
implemented into Core

+ Show which plugins are GDPR compliant
+ Collect Policy Texts from each plugin, and
provide a centralized Policy Text pagebuilder
+ Notify GDPR authorities within your country of
data breaches
+ Provide standardized anonymization of email
addresses, Names, IP, GEO data …
+ ??
And soon a bunch of plugins on the repository that
extends the new data-structure with new features

Plain text policyConsent Backup-compatibility
Next steps ...

Lets talk GDPR
The official #GDPR-Compliance chat
every wednesday 17:00 UTC
wordpress.slack.com
Kåre Mulvad Steffensen
kms@peytz.dk

Similar to GDPR for WP Status

Cloud computing - Assessing the Security Risks - Jared Carstensen

jaredcarst

What is big data

ShubShubi

Data security is a critical component for all businesses. Business data protection helps to secure customer details, financial information, survey data and other key business data which are key company assets. Many companies, including Sample Solutions, rely on the fact that data they have and work with is secure, encrypted and can not be breached. Losing the data in a natural catastrophe is one thing but losing it to a breach can lead to severe consequences. Not only do data breaches damage a company’s reputation and destroy consumer trust, breaching may also lead to lost business opportunities and financial consequences, along with disrupt safety and natural workflow.

Data Security Whitepaper

Sample Solutions

You may be compliant...

Greg Swedosh

Presented by Greg Swedosh from Knightcraft Technology (www.knightcraft.com) at NonStop Bootcamp 2014. This presentation explains why being PCI compliant does *not* equal being secure. While this is a general statement, the presentation does focus on the HP NonStop platform. Excerpt from a summary slide: Without a strong commitment to security by the executive team, being compliant only provides a false sense of security. It often just becomes about ticking boxes and “filling gaps”. Where there is no serious commitment to security, an organization will always be significantly more vulnerable.

You may be compliant, but are you really secure?

Thomas Burg

[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information

AIIM International

Teamwork.com Security Overvew

Ivotefan

Enabling Compliance with GDPR on AWS

Amazon Web Services

25 May 2018, the General Data Protection Regulation (GDPR) deadline, is less than 6 months away. As the attention on the regulation is at the top, there is now a growing concern for any organization that is affected by. We would like to invite you to join our webinar to share with you our approach and help your organization and you document repository to be compliant with GDPR. During the webinar, our special guests, George Parapadakis – Business Solutions Strategy, Alfresco and Bart van Bouwel – Managing Partner, CDI-Partners, will provide you with: - How to implement GDPR in your document repository - How the Alfresco Digital Business Platform can help your organization to be compliant with GDPR - Xenit approach: a managed shared drive -Xenit demonstration -Top tips to start preparing for the GDPR.

How to implement gdpr in your document repository

XeniT Solutions nv

How to become GDPR & CCPA Compliant. See the complete 5 page GDPR, CCPA Compliancy Plan Here is the CCPA / GDPR 3 Day Training PowerPoint - https://www.slideshare.net/StevenMeister/ccpa-and-gdpr-three-day-training-with-actual-deliverables-and-the-whys-and-hows-to-do-so 847-440-4439 https://www.youtube.com/channel/UC3F-qrvOIOwDj4ZKBMmoTWA?view_as=subscriber GDPR 16 page PPT Plan - https://www.slideshare.net/StevenMeister/gdpr-ccpa-automated-compliance-spark-java-application-features-and-functions-of-big-datarevealed-april-version-35 https://youtu.be/JGoQwoicUxw Comprehensive Metadata Catalog Video for GDPR / CCPA - https://youtu.be/xryESgfzRcc

Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...

Steven Meister

How Cloudera SDX can aid GDPR compliance 6.21.18

Cloudera, Inc.

Integrating DLP and the 4 W's is a Must by Uzi Yair - CEO, GTB Technologies Inc.

Ravtach Solutions

StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...

Start Pad

Web 20 Security - Vordel

guest2a1135

GDPR - Top 10 AWS Security and Compliance Best Practices

Ahmad Khan

How the Journey to Modern Data Management is Paved with an Inclusive Edge-to-...

Dana Gardner

Enterprises hold data that has potential value outside their own firewalls. We have been trying to figure out how to share such data at a level of detail with others in a secure, safe, legal and risk mitigated manner that ensure high level of privacy while adding tangible economic and social value. Enterprises are facing numerous roadblocks, failed projects, inadequate business cases, and issues of scale that needs newer techniques, technology and approach. In this talk, we will be setup the groundwork for scalable data augmentation for organisations and visualising technical architectures and solutions around emerging technologies of data fabrics, edge computing and a second coming of data virtualisation.

Privacy Preserved Data Augmentation using Enterprise Data Fabric

Atif Shaikh

A Practical Approach To Data Mining Presentation

millerca2

SPSUK - When do you decide to go to the cloud?

Mark Stokes

1 3 Financial Service Security EngagementLearning Team CCMGT/400 April 8th, 2019 Ellen Gaston Financial Service Security Engagement · Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications. · Recommend physical security and environmental controls to protect the data center which runs the on-site applications. Introduction Integrating cloud-based, customer relationship management (CRM) software application with the on-site software applications that manage customer accounts and investment portfolios can assist a firm to create more leads, increase revenue, minimize the cost of sales, and improve customer services. However, this system has some security risks and requires an organization to create a plan that addresses its secure use. Mobile Gadget Security/Bring Your Own Device Plan (BYOD) This involves creating a gadget usage policy, before issuing them to workers. This entails limitation of its use and probable actions against its violation (Michener, 2015). Employees also are taught on how to mitigate security risks of mobile phones. If workers can utilize their personal gadgets, BYOD security policy is created, which comprises of installing distant wiping application on all devices to store data accessed from the organization (Michener, 2015). Organization should install current antivirus software to all devices to prevent hacking and loss of data. The content stored in the mobile devices should be backed up on organization’s computers on regularly basis to make sure that the data is safe if a gadget is stolen or lost. Selecting Passwords Passwords meant for the devices should be strong enough and not common to any third party. This ensures privacy as it prevents data linkage to unwanted individuals. On a different point, carrying out consistent mobile security audits and penetration assessment is one of the physical securities and environmental control measures. In this case, a firm hires a recognized security testing company to audit their gadget security and carry out penetration assessment (Michener, 2015). This ensures data protection as any noticed channels of data linkage drives the firm to upgrade its system. · Propose audit assessment and processes that will be used to ensure that the cloud-based CRM software provider uses appropriate physical security and environmental controls to protect their data centers which run your cloud-based CRM software. · Develop identity and access management policies for both the on-site systems and the cloud-based CRM. Customers should be aware that unique data security issues arise in a cloud computing environment. For example, in an ASP environment, a single physical server may be dedicated to the customer for hosting the application and storing the customer’s data. However, in a cloud computing environment, technologies and approaches used to facilitate scalability, such .

1 3Financial Service Security EngagementLearning Team .docx

oswald1horne84988

Similar to GDPR for WP Status (20)

Cloud computing - Assessing the Security Risks - Jared Carstensen

What is big data

Data Security Whitepaper

You may be compliant...

You may be compliant, but are you really secure?

[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information

Teamwork.com Security Overvew

Enabling Compliance with GDPR on AWS

How to implement gdpr in your document repository

Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...

How Cloudera SDX can aid GDPR compliance 6.21.18

Integrating DLP and the 4 W's is a Must by Uzi Yair - CEO, GTB Technologies Inc.

StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...

Web 20 Security - Vordel

GDPR - Top 10 AWS Security and Compliance Best Practices

How the Journey to Modern Data Management is Paved with an Inclusive Edge-to-...

Privacy Preserved Data Augmentation using Enterprise Data Fabric

A Practical Approach To Data Mining Presentation

SPSUK - When do you decide to go to the cloud?

1 3Financial Service Security EngagementLearning Team .docx

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Manulife - Insurer Innovation Award 2024

The Digital Insurer

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Real Time Object Detection Using Open CV

Khem

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Scaling API-first – The story of a global engineering organization

Axa Assurance Maroc - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Top 10 Most Downloaded Games on Play Store in 2024

Strategies for Landing an Oracle DBA Job as a Fresher

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Manulife - Insurer Innovation Award 2024

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Boost Fertility New Invention Ups Success Rates.pdf

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Artificial Intelligence Chap.5 : Uncertainty

Real Time Object Detection Using Open CV

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

GDPR for WP Status

1. GDPR for WP A technical solution to the legal mumbo jumbo

2. GDPR … is comming

3. wordpress.slack.com #gdpr-compliance TRAC.WordPress.org core.trac.wordpress.org/query?status=!closed&keywords=~g dpr Participate

4. Less than 100 days to go, and all I got was this not-so-plain T-shirt Policy Text to put on my website Where do we store Personal Identifiable Information on our online services? Do we have actual procedures and tools in place to cope with user/customer requests? What about data breaches? The interpretation of the regulation seem to change each week (but not the law itself!) GDPR Checklist

5. We need a unified way to identify where Personal Identifiable Information is stored across various plugins and i core in any WordPress instance

6. A series of hooks and filters provide a methodology on how to provide pointers to personal data

7. We started with a PHP Object Interface It was way too broad Together with Peter Suhm (@petersuhm) from WPPusher.com I asked the community to figure out what was happening on the GDPR scene - not much it turned out... So with the help of Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen, Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...

8. We steered it towards a more WordPressy direction Hooks and Filters The Community rejoiced and our first Office Hours meeting on Slack #gdpr-compliance was... messy to say the least

9. Now, the #gdpr-compliance weekly office hours are Focused, less people But dedicated A small team is working hard on implementing the GDPR ‘interface’ into WordPress Core - and it’s not an interface anymore

10. We try to solve the simplest 3 things first by doing what we’ve always done with data - Create Read Update Delete

11. Data Portability > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_export_personal_data()

12. The Right to be ForgottenData Portability > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

13. The Right to be ForgottenData Portability We say anonymized, since most systems would break if you went and deleted data that is tied into statistics, logs, or transactional data. But if a system deletes data - that’s OK too. > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_personal_data()

14. The Right to be ForgottenData Portability Data Breach Notification > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_()

15. Plugins that store Personal Identifiable data provide pointers to where and what they store And how long and why they store it (eventually)

16. That way - plugins can store data as they see fit In the Database In files

17. Hip cloud plugin right here In the Database Some might even store it in The Cloud

18. It’s OK - but keep it in an EU (approved) country Clouds hovering EU acceptable territory only

19. Hip cloud plugin right here In the Database With the standard methodology we can create tools to work on that data

20. Current Status as of March 2018 : Adopted by WordPress and currently being implemented into Core

21. + Show which plugins are GDPR compliant + Collect Policy Texts from each plugin, and provide a centralized Policy Text pagebuilder + Notify GDPR authorities within your country of data breaches + Provide standardized anonymization of email addresses, Names, IP, GEO data … + ?? And soon a bunch of plugins on the repository that extends the new data-structure with new features

22. Plain text policyConsent Backup-compatibility Next steps ...

23. Lets talk GDPR The official #GDPR-Compliance chat every wednesday 17:00 UTC wordpress.slack.com Kåre Mulvad Steffensen kms@peytz.dk

GDPR for WP Status

Recommended

Recommended

More Related Content

Similar to GDPR for WP Status

Similar to GDPR for WP Status (20)

Recently uploaded

Recently uploaded (20)

GDPR for WP Status