Nächste SlideShare
GDPR for WP Status
- 1. GDPR for WP A technical solution to the legal mumbo jumbo
- 2. GDPR … is comming
- 3. wordpress.slack.com #gdpr-compliance TRAC.WordPress.org core.trac.wordpress.org/query?status=!closed&keywords=~g dpr Participate
- 4. Less than 100 days to go, and all I got was this not-so-plain T-shirt Policy Text to put on my website Where do we store Personal Identifiable Information on our online services? Do we have actual procedures and tools in place to cope with user/customer requests? What about data breaches? The interpretation of the regulation seem to change each week (but not the law itself!) GDPR Checklist
- 5. We need a unified way to identify where Personal Identifiable Information is stored across various plugins and i core in any WordPress instance
- 6. A series of hooks and filters provide a methodology on how to provide pointers to personal data
- 7. We started with a PHP Object Interface It was way too broad Together with Peter Suhm (@petersuhm) from WPPusher.com I asked the community to figure out what was happening on the GDPR scene - not much it turned out... So with the help of Allen Snook (@allendav), Andrew Ozz (@azaozz), Jesper V. Nielsen, Xenos Konstantinos (@xkon), Heather Burns (@webdevlaw), Nabeel Sulieman (@nabeel), Paul Sieminski (@pesieminski) - and all the rest...
- 8. We steered it towards a more WordPressy direction Hooks and Filters The Community rejoiced and our first Office Hours meeting on Slack #gdpr-compliance was... messy to say the least
- 9. Now, the #gdpr-compliance weekly office hours are Focused, less people But dedicated A small team is working hard on implementing the GDPR ‘interface’ into WordPress Core - and it’s not an interface anymore
- 10. We try to solve the simplest 3 things first by doing what we’ve always done with data - Create Read Update Delete
- 11. Data Portability > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_export_personal_data()
- 12. The Right to be ForgottenData Portability > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
- 13. The Right to be ForgottenData Portability We say anonymized, since most systems would break if you went and deleted data that is tied into statistics, logs, or transactional data. But if a system deletes data - that’s OK too. > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_personal_data()
- 14. The Right to be ForgottenData Portability Data Breach Notification > > 3 things: Read - Delete - Notify wp_ajax_wp_privacy_[ Still being developed ]_()
- 15. Plugins that store Personal Identifiable data provide pointers to where and what they store And how long and why they store it (eventually)
- 16. That way - plugins can store data as they see fit In the Database In files
- 17. Hip cloud plugin right here In the Database Some might even store it in The Cloud
- 18. It’s OK - but keep it in an EU (approved) country Clouds hovering EU acceptable territory only
- 19. Hip cloud plugin right here In the Database With the standard methodology we can create tools to work on that data
- 20. Current Status as of March 2018 : Adopted by WordPress and currently being implemented into Core
- 21. + Show which plugins are GDPR compliant + Collect Policy Texts from each plugin, and provide a centralized Policy Text pagebuilder + Notify GDPR authorities within your country of data breaches + Provide standardized anonymization of email addresses, Names, IP, GEO data … + ?? And soon a bunch of plugins on the repository that extends the new data-structure with new features
- 22. Plain text policyConsent Backup-compatibility Next steps ...
- 23. Lets talk GDPR The official #GDPR-Compliance chat every wednesday 17:00 UTC wordpress.slack.com Kåre Mulvad Steffensen kms@peytz.dk
Loggen Sie sich ein, um Kommentare anzuzeigen.