Drupal and the new EU privacy legislation (GDPR)

Drupal and the new EU privacy legislation (GDPR)

12 votes

Vote for this session.

EU adopted a new regulation concerning privacy called General Data Protection Regulation (GDPR) in spring 2016. It enters into full application during spring 2018 and it adds a lot of new requirements to handling personal data. It also introduces very high fines, up to 20 million euros or 4% of global turnover, so it's to be taken seriously. It's a complicated piece of legislation, built together after fierce lobbying and a lot of compromises. The end result leaves a lot of things open. One of the new things in the legislation are the direct requirements for the processors of the data. If you're a maintainer of your client's Drupal site, you used to not have any direct requirements set by law, but everything was the burden of the controller, your client. In May 2018 this changes. The GDPR introduces a set of requirements that will apply to anyone maintaining a site that stores personal data. The GDPR also applies to any service, regardless of its location, as long as it's saving the personal data of EU citizens. In this session we'll go through the main items on the legislation from Drupal's point-of-view. The speaker is not a lawyer, and the session will not contain any legal advice, but a view on what a Drupal vendor might expect having to deal with during the next 1.5 years. Please remember that there's a lot to interpret in the legislation and the interpretations as well as the upcoming supplementary local legislation could vary a lot between EU countries. The key items of the presentation are: A brief introduction to the GDPR What are the requirements for the processors (Drupal maintainers in this view)? What technical challenges complying with the law might bring to a Drupal vendor? What are the open questions in the legislation from a technical point of view right now? This is an updated and slightly modified version of the presentation held in DrupalCamp Baltics in October 2016.

Session Slides:
Kalle Varisvirta
Kalle Varisvirta
Exove
Technology Director