GDPR compliance of GD and all addons

Hi Stiofan,

text for the privacy policy, integration into the export/erase tools and to have some consent management is one part and might not get you GDPR compliance. I will wait until you are finshed and will check with my lawyer what we have. At the moment I get the feeling when I’m listening to my lawyer that this will not be enough to be compliant at all.

At the end I need this records of processing activities anyhow (this is law) and we are now finishing collecting all information. We have not yet decided on what level we like to finsh this regarding the website. One open point is the granularity of the use cases (processing activities). Is “calming a list” one activity or is the whole directory one activity. We are soon be ready to do this decision.
If “claming a list” is an activity, then we need the above mentioned information from your side about the processing of personal data in each step.

This is also a reason, that I don’t like this function in GDv2 where you store the IP when visiting the add place, because we are then in the whole topic of GDPR.

For me GDPR is to rethink of what information we are collecting and to limit this to the lowest level. If it is not really needed, don’t collect the information (like IPs etc.).

Best,
Dirk

Hi Stiofan,

I’m working in a big midsize company and we have our own data protection commissioner and also a company lawyer. This is what counts for me. No WP team and also no team from GD (and I guess you are not a lawyer).

Your statement for potential fines is incorrect. If you have a leakage and have not done it correctly you will be punished (financially) hard. There is no excuse that a WP team had a different view on the things.

As I mentioned above I will wait what we will have. And each one needs to have a records of processing activities. This is a must and not an option in GDPR (Art. 30). If you don’t have it and you have an audit from the official authorities, this can have huge impacts on your company or you as a person.
Based on the list of processing activities everything is derived. Depending on the personal data you are processing different state of the art technologies has to be implemented.

My view on this topic is always to think if you are introducing a GDPR related processing activity if this is really helpful for the user. If not or is nice to have, don’t do it or have a switch to disable it (here again about the auto-draft function). I would never store at this moment an IP on this auto-draft. There is no reason to do so. I will implement for WP that in such a case always 127.0.0.1 will be returned. Please be aware if you are implementing something based on auto-draft function the IP might be anonymous by someone. Then it might be a weird behaviour that everyone is getting a message about an existing auto-draft.

BTW: This is my personal (and together with some experts) view on this topic. Other in different environments might also be suitable. It is in each responsibility to realize the GDPR. Most of the things are nothing new and should be already available.

Best,
Dirk

claim listing addon: there was no update for this addon.