Think Your Website is GDPR Compliant?
DrupalCon NASHVILLE 2018
Mediacurrent
Mentored Core sprint
First time sprinter workshop
General sprint
#drupalsprint
Join Us for Contribution Sprints
Drupal. JavaScript. Future.
Keynotes. Sessions. Sprints.
A different kind of Drupal conference.
Mark your calendar and prep your proposal! More details soon.
Today’s Team
Dawn Aly, Mark Shropshire
Disclaimers
Today’s Agenda
I. Guiding Principles of the GDPR
II. Creating a Positive PX
III. Security by Design
IV. Advanced Marketing Strategies in a Post GDPR World
V. Creating an Action Plan (not a Freak-Out Plan)
Guiding Principles of the GDPR
Who is at Risk for Compliance?
Yep. Pretty much everyone.
The GDPR is not just an IT Discussion
● 43%
● $150 million: anticipated increase of data breach costs by 2020
● 89%: Believe their competitive advantage will be based on the customer experience
● 85%: Percentage of relationships consumers will manage without talking to a human by 2020
● $3.8 million: cost of a data breach for the average company
Sources: Gartner, Gartner, Symantec, Microsoft, Juniper Research
GDPR Roles
● Data Subject: Individual whose personal data has been collected
● Controller: Legal entity or person determining need and means for processing personal data
● Processor: Legal entity or person processing the actual data on behalf of the controller
● Data Protection Officer: GDPR required leadership position in organizations for monitoring internal GDPR compliance
● Supervisory Authority: Public authority appointed in EU countries for monitoring compliance of GDPR
User Rights and Requirements Overview
Breach Notification
Right to Access
Right to Erasure (Right to be Forgotten)
Data Portability
Privacy by Design
Data Protection Officers
Creating a Positive PX
Data + Privacy doesn’t have to be scary.
Universal PX Principles
PII (Personally Identifiable Information) Examples
Sources: https://en.wikipedia.org/wiki/Personally_identifiable_information
PX Do’s and Don’ts

Do’s

Data Collection
● Know what you collect
● Only retain for as long as you need
● Protect data with encryption
● Audit and log

Transparency
● Have clear privacy policies
● Let users know how you use data and why
● Give users the right to decide how and when data is processed and shared
● Explain things in easy to understand language

Data Portability
● Allow users control over their data including:
○ Exporting data
○ Deleting data
○ Seeing the details of their stored data

Don’ts

Data Collection
● Collect any PII that you don’t absolutely need
● Allow anyone or system access to data who doesn’t have legitimate reason for processing

Transparency
● Hide who you share data with and why you share it with them
● Force users to opt-out (opt-in should be the pattern)
● Create hard to read privacy policies and other documents related to data privacy
● Rely on blanket consents

Data Portability
● Make it hard for users to export data in a standard format that is usable for imports to other systems and services
● Delay processing user request for deletion, export, or reporting
Security by Design
Privacy and Security SDLC (Software Development Life Cycle)
1. PLANNING: Document and understand security controls and regulatory requirements to include in feature planning.
2. IMPLEMENTATION: Development with security and privacy controls in mind.
3. TESTING: Identify defects through review and testing controls guided by security and privacy requirements.
4. DOCUMENTATION: Document detailed project feature implementations and processes and how they apply to security and privacy requirements.
5. DEPLOYMENT: Release software to production environments after approved through agreed upon processes.
6. MAINTENANCE: Consider and implement changes to controls and regulations affecting the project.
Security and Privacy Principles
One
Source: Townsend Security
Advanced Marketing Strategies
Trust
Sources: Inc.com, Label Insight, Harvard Business Review
94%
Level of Trust by Industry
Source: Harvard Business Review
Building Trust with Marketing
Trust Enablers
Empower the Individual
Education Marketing
High Quality
Deliver Value
Big Data May Not Be So Big
GDPR Benefits to Data
Sources: Altimeter
Marketing Automation and CRM
Creating an Action Plan
Enforcement begins May 25, 2018
PX takes a team.
Creating a Plan
Data Collection Points
Messaging and Consent
User Control
Next Steps
PX is the new Golden Rule
Drupal and Privacy/Security
GDPR module
Guardr security distribution
Encrypt module
GDPR Consent module
Drush sql-sanitize
Privacy Concerns as GDPR Compliance [#2848974]
EU Cookie Compliance
GDPR Export module
Commerce GDPR
What Did You Think?
Mediacurrent
Thank you!
Come See Us at Booth #525
Join Us at our Afterparty
Tuesday 7-11pm @ The George Jones