
GDPR for WP Status

The GDPRWP.com project has come a long way since it started in November 2017. This is a short summary of events and the current status as of March 2018.


  1. GDPR for WP: A technical solution to the legal mumbo jumbo
  2. GDPR … is coming
  3. wordpress.slack.com #gdpr-compliance. TRAC.WordPress.org: core.trac.wordpress.org/query?status=!closed&keywords=~gdpr. Participate
  4. Less than 100 days to go, and all I got was this not-so-plain T-shirt Policy Text to put on my website. Where do we store Personal Identifiable Information on our online services? Do we have actual procedures and tools in place to cope with user/customer requests? What about data breaches? The interpretation of the regulation seems to change each week (but not the law itself!). GDPR Checklist
  5. We need a unified way to identify where Personal Identifiable Information is stored across various plugins and in core in any WordPress instance
  6. A series of hooks and filters provides a methodology for supplying pointers to personal data
  7. We started with a PHP Object Interface. It was way too broad. Together with Peter Suhm (@petersuhm) from WPPusher.com I asked the community to figure out what was happening on the GDPR scene - not much, it turned out... So with the help of Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen, Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...
  8. We steered it in a more WordPressy direction: Hooks and Filters. The Community rejoiced, and our first Office Hours meeting on Slack #gdpr-compliance was... messy, to say the least
  9. Now, the #gdpr-compliance weekly office hours are focused, with fewer people, but dedicated. A small team is working hard on implementing the GDPR ‘interface’ into WordPress Core - and it’s not an interface anymore
  10. We try to solve the simplest 3 things first by doing what we’ve always done with data - Create Read Update Delete
  11. Data Portability > 3 things: Read - Delete - Notify. wp_ajax_wp_privacy_export_personal_data()
  12. The Right to be Forgotten / Data Portability > > 3 things: Read - Delete - Notify. wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
  13. The Right to be Forgotten / Data Portability. We say anonymized, since most systems would break if you went and deleted data that is tied into statistics, logs, or transactional data. But if a system deletes data - that’s OK too. > > 3 things: Read - Delete - Notify. wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
  14. The Right to be Forgotten / Data Portability / Data Breach Notification > > 3 things: Read - Delete - Notify. wp_ajax_wp_privacy_[ Still being developed ]_()
  15. Plugins that store Personal Identifiable data provide pointers to where and what they store. And how long and why they store it (eventually)
  16. That way, plugins can store data as they see fit: In the Database. In files
  17. Hip cloud plugin right here. In the Database. Some might even store it in The Cloud
  18. It’s OK - but keep it in an EU (approved) country. Clouds hovering over EU-acceptable territory only
  19. Hip cloud plugin right here. In the Database. With the standard methodology we can create tools to work on that data
  20. Current Status as of March 2018: Adopted by WordPress and currently being implemented into Core
  21. + Show which plugins are GDPR compliant + Collect Policy Texts from each plugin, and provide a centralized Policy Text pagebuilder + Notify GDPR authorities within your country of data breaches + Provide standardized anonymization of email addresses, Names, IP, GEO data … + ?? And soon a bunch of plugins on the repository that extend the new data structure with new features
  22. Plain text policy. Consent. Backup-compatibility. Next steps ...
  23. Let's talk GDPR. The official #GDPR-Compliance chat, every Wednesday 17:00 UTC, wordpress.slack.com. Kåre Mulvad Steffensen, kms@peytz.dk
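
The "pointers to personal data" idea from slides 5, 6 and 15, as an added example that is not from the presentation or from WordPress core: a hypothetical plugin, Acme Newsletter, tells core where its personal data lives by registering an exporter callback. The filter name `wp_privacy_personal_data_exporters` and the callback's return shape follow the exporter API as it later shipped in WordPress core, not the slides; the plugin name, sample rows and field labels are constructed.

```php
<?php
/* Plugin Name: Acme Newsletter Privacy Demo (constructed example) */

// Constructed sample rows standing in for the hypothetical plugin's own table.
function acme_subscriber_rows() {
    return array(
        array( 'id' => 7, 'email' => 'ann@example.org', 'ip' => '192.0.2.10' ),
        array( 'id' => 9, 'email' => 'bob@example.org', 'ip' => '192.0.2.44' ),
        array( 'id' => 12, 'email' => 'Ann@example.org', 'ip' => '198.51.100.3' ),
    );
}

// Exporter callback. Core calls it with the requester's address and a page
// number, and keeps asking for the next page until 'done' is true.
function acme_export_subscriber( $email_address, $page = 1 ) {
    $page     = max( 1, (int) $page );
    $per_page = 1; // tiny page size so paging is visible with the sample rows

    // Match the requested address only, so no other person's row is exported.
    $mine = array_values( array_filter(
        acme_subscriber_rows(),
        function ( $row ) use ( $email_address ) {
            return 0 === strcasecmp( $row['email'], $email_address );
        }
    ) );

    $items = array();
    foreach ( array_slice( $mine, ( $page - 1 ) * $per_page, $per_page ) as $row ) {
        $items[] = array(
            'group_id'    => 'acme-newsletter',
            'group_label' => 'Newsletter subscription',
            'item_id'     => 'acme-subscriber-' . $row['id'],
            'data'        => array(
                array( 'name' => 'Email', 'value' => $row['email'] ),
                array( 'name' => 'Signup IP', 'value' => $row['ip'] ),
            ),
        );
    }
    return array( 'data' => $items, 'done' => $page * $per_page >= count( $mine ) );
}

// The pointer itself: add this plugin to the list of exporters core will ask.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['acme-newsletter'] = array(
        'exporter_friendly_name' => 'Acme Newsletter',
        'callback'               => 'acme_export_subscriber',
    );
    return $exporters;
} );
```

With the sample rows, a request for ann@example.org yields one item on page 1 with `done` false and the second item on page 2 with `done` true; an address with no rows returns an empty `data` array and `done` true.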