Think Your Website is GDPR Compliant? DrupalCon Nashville 2018, Mediacurrent
Join Us for Contribution Sprints: Mentored Core sprint, First-time sprinter workshop, General sprint. #drupalsprint
Drupal. JavaScript. Future. Keynotes. Sessions. Sprints. A different kind of Drupal conference. Mark your calendar and prep your proposal! More details soon.
Today’s Team: Dawn Aly, Mark Shropshire
Disclaimers
Today’s Agenda
I. Guiding Principles of the GDPR
II. Creating a Positive PX
III. Security by Design
IV. Advanced Marketing Strategies in a Post-GDPR World
V. Creating an Action Plan (not a Freak-Out Plan)
Guiding Principles of the GDPR
What is GDPR?
Who is at Risk for Compliance?
Yep. Pretty much everyone.
The GDPR is not just an IT Discussion
● 89%: believe their competitive advantage will be based on the customer experience
● 85%: percentage of relationships consumers will manage without talking to a human by 2020
● 43%
● $3.8 million: cost of a data breach for the average company
● $150 million: anticipated increase of data breach costs by 2020
Sources: Gartner, Gartner, Symantec, Microsoft, Juniper Research
GDPR Roles
● Supervisory Authority: public authority appointed in EU countries for monitoring compliance with the GDPR
● Controller: legal entity or person determining the need and means for processing personal data
● Processor: legal entity or person processing the actual data on behalf of the controller
● Data Subject: individual whose personal data has been collected
● Data Protection Officer: GDPR-required leadership position in organizations for monitoring internal GDPR compliance
User Rights and Requirements Overview
Breach Notification
Right to Access
Right to Erasure (Right to be Forgotten)
Data Portability
Privacy by Design
Data Protection Officers
Creating a Positive PX
Data + Privacy doesn’t have to be scary.
Universal PX Principles
PII (Personally Identifiable Information) Examples
Source: https://en.wikipedia.org/wiki/Personally_identifiable_information
PX Do’s and Don’ts
Do’s
● Data Collection: Know what you collect. Only retain for as long as you need. Protect data with encryption. Audit and log.
● Transparency: Have clear privacy policies. Let users know how you use data and why. Give users the right to decide how and when data is processed and shared. Explain things in easy-to-understand language.
● Data Portability: Allow users control over their data, including:
○ Exporting data
○ Deleting data
○ Seeing the details of their stored data
Don’ts
● Data Collection: Collect any PII that you don’t absolutely need. Allow anyone or any system access to data without a legitimate reason for processing.
● Transparency: Hide who you share data with and why you share it with them. Force users to opt out (opt-in should be the pattern). Create hard-to-read privacy policies and other documents related to data privacy. Rely on blanket consents.
● Data Portability: Make it hard for users to export data in a standard format that is usable for imports into other systems and services. Delay processing user requests for deletion, export, or reporting.
Security by Design
Secure by Design
Privacy and Security SDLC (Software Development Life Cycle)
1. Planning: Document and understand security controls and regulatory requirements to include in feature planning.
2. Implementation: Develop with security and privacy controls in mind.
3. Testing: Identify defects through review processes and testing controls guided by security and privacy requirements.
4. Documentation: Document detailed project feature implementations and how they apply to security and privacy requirements.
5. Deployment: Release software to production environments after approval through agreed-upon processes.
6. Maintenance: Consider and implement changes to controls and regulations affecting the project.
Security and Privacy Principles
One Source: Townsend Security
Advanced Marketing Strategies
94% Trust. Sources: Inc.com, Label Insight, Harvard Business Review
Level of Trust by Industry. Source: Harvard Business Review
Building Trust with Marketing. Trust Enablers: Education Marketing, Deliver Value, High Quality, Empower the Individual
Big Data May Not Be So Big
GDPR Benefits to Data. Source: Altimeter
Marketing Automation and CRM
Creating an Action Plan
Enforcement begins May 25, 2018
PX takes a team.
Creating a Plan: Data Collection Points, Messaging and Consent, User Control
Next Steps
PX is the new Golden Rule
Drupal and Privacy/Security
● GDPR module
● Privacy Concerns as GDPR Compliance [#2848974]
● Guardr security distribution
● EU Cookie Compliance
● Encrypt module
● GDPR Export module
● GDPR Consent module
● Commerce GDPR
● Drush sql-sanitize
What Did You Think? Thank you!
Come See Us at Booth #525. Join Us at our Afterparty, Tuesday 7-11pm @ The George Jones. Thank you!