GDPR

Alexey Gorushkin

BizDev at DevBranch

we all will live with it

Session plan

1. What is GDPR

 

2. Boring theory and terminology

 

3. Changes on web-sites

 

4. Problems of web data

5. Drupal contrib modules

 

6. Who should do what

 

7. Gratitude

27 April 2016

25 May 2018

General Data Protection Regulation

Controller: defines whose data to process, how and why

Processor: processes the data provided by the controller, on the controller's demand and instructions

GDPR rights

1. being informed

 

2. access to the data

 

3. data correction

 

4. being forgotten

5. limiting processing

 

6. data mobility

 

7. rejecting processing

 

8. automated decisions

Changes on web-sites

Privacy by design

1. Positive opt-in

2. Privacy Policy & Terms and Conditions

3. Newsletters

  • unchecked confirmation check-box
     
  • separate check-box for 3rd parties
     
  • those fields can't be required
     
  • unsubscribe link
     
  • double opt in

4. Logs

5. Social media and SSO

6. GDPR email

8. Cookies

9. Google Analytics

  • note their usage both in Privacy Policy and Cookie Policy
     
  • IP anonymization
     
  • data storage on Google servers

9. Google Analytics

IP anonymization

for all queries

ga('set', 'anonymizeIp', true);

for a single query

ga('send', 'pageview', {
  'anonymizeIp': true
});
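
The newsletter rules from item 3 above (explicit tick only, separate optional box for 3rd parties, double opt-in, unsubscribe link) as server-side handling in JavaScript. This is an added example, not part of the original slides; the form field names, function names and the in-memory store are assumptions.

```javascript
// Added example (not from the original slides). Field names, function names
// and the in-memory store are hypothetical.
const crypto = require('crypto');

const subscribers = new Map(); // email -> consent record (stand-in for a DB table)
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Step 1: handle the sign-up form. Only an explicit tick counts as consent;
// a missing box means "no" and does not make the submission invalid.
function subscribe(form, now = Date.now()) {
  const newsletter = form.newsletter === 'on';
  const thirdParty = form.third_party === 'on'; // separate consent, never implied
  if (!newsletter) return { subscribed: false };
  if (canMail(form.email)) return { subscribed: true, confirmToken: null }; // keep confirmed record
  const token = crypto.randomBytes(32).toString('hex');
  subscribers.set(form.email, {
    status: 'pending',        // not mailable until the e-mail link is used
    thirdParty,
    tokenHash: sha256(token), // store only the hash of the e-mailed token
    requestedAt: now,         // timestamps serve as evidence of consent
    confirmedAt: null,
  });
  return { subscribed: true, confirmToken: token };
}

// Step 2: the link in the confirmation e-mail completes the double opt-in.
function confirm(email, token, now = Date.now()) {
  const rec = subscribers.get(email);
  if (!rec || rec.status !== 'pending' || typeof token !== 'string') return false;
  const given = Buffer.from(sha256(token), 'hex');
  const stored = Buffer.from(rec.tokenHash, 'hex');
  if (!crypto.timingSafeEqual(given, stored)) return false;
  Object.assign(rec, { status: 'confirmed', confirmedAt: now, tokenHash: null });
  return true;
}

// The unsubscribe link withdraws both consents.
function unsubscribe(email) {
  const rec = subscribers.get(email);
  if (!rec) return false;
  Object.assign(rec, { status: 'unsubscribed', thirdParty: false });
  return true;
}

// Who may be mailed, and whose data may be passed to 3rd parties.
const canMail = (email) => subscribers.get(email)?.status === 'confirmed';
const canShare = (email) => canMail(email) && subscribers.get(email).thirdParty;
```
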


Web data

problems

encryption

storage

deletion

Storage

  1. Access restriction
     
  2. Export
     
  3. Editing
     
  4. Storage term

Encryption

  1. When transferring
     
  2. When storing
     
  3. Backups
     
  4. Pseudonymization

Deletion

  1. From databases
     
  2. From 3rd parties
     
  3. From Google
    https://www.google.com/webmasters/tools/removals

Drupal contrib modules

eu_cookie_compliance

/encrypt

/gdpr

scrambler

/gdpr_compliance

/gdpr_consent

/mask_user_data

/commerce_gdpr

/gdpr_export

Who should do what

Lawyers

  1. Make an audit and
    create a data flow
  2. Rewrite content of Privacy
    Policy and Terms and Conditions
  3. Re-analyze client contracts

Marketers

  1. Newsletter to current
    subscribers database
  2. Check Google Analytics settings
  3. Unchecked check-boxes

Web developers

1. Ask about GDPR plans on their projects
 

2. Implement GDPR tasks

Business owners

1. Understand whether your company should have DP officer and / or EU representative

 

2. Inform EU clients whose data is transferred to Ukrainian tax services and banks

Gratitude

1. Balu Ertl

2. Riley Cunningham

3. Bohdan Artemchuk

4. Brainsum

5. Freely Give

6. Druid

7. Bozhidar Bozhanov

8. Mark Tomkins

YOU :)
