Methodology and tools for Drupal sites GDPR compliance
Workshops are limited to 30 participants. Please add your name to the attendees list.
As all of You knows, since 25 May 2018 new European data protection regulation (GDRP) is active. All sites, which targets European citizens should respect it, otherwise, site owners could have big legal problems and important financial penalties.
The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information.
All sites, built with Drupal or any other CMS should be compatible with GDPR.
It's mean, sites, which operates private data should propose to site's users following features:
- The possibility for them to view the data you collected on them;
- The possibility to rectify some data concerning them;
- The possibility to delete their data;
- The possibility to export their data;
- Tools to help to notify the local data protection authority of a data breach;
- Anonymization / pseudoanonymization;
- Personal data expiration;
- ...
At the moment, there are at least 9 modules on Drupal.org, which could help to site builders and developers to make their sites GDPR compatible. And it's already great, what the community is active, and propose real solutions.
But there is still many steps to do, to really integrate GDPR compliance into the architecture of Drupal, to create bullet-proof data protected and efficient architecture.
In this workshop we'll work with personal data management framework for extensions owners and we'll see how Drupal's Core could be optimized to be natively compatible with GDPR requirements.