A crazy first couple of weeks
We’re stoked with the level of positive response and ideas from the development community. The GDPR regulation to many is something that comes from a foreign authority, but the core principles of the legislation have pointed in a direction the whole of the web community knows it needs to go – no matter the name of the regulation.
The WPTavern article got a great deal of exposure and helped us get in touch with community people sitting in various interesting places. Much work has already gone into thoughts, legal texts and actual solutions in regards to GDPR compliance. Since GDPR can have a huge impact on the likes of Jetpack, Redux, and various form-builder plugins, it’s only natural that the focus for those companies is inward at the moment.
Our talks with Paul Sieminski from Automattic, and Dovy Paukstys from the Redux options framework have reassured us that we still do have a need for a GDPR structure which can help the community establish a basis for handling GDPR compliance.
We are aware that this is not a walk in the park, and legislation can have a massive impact on website owners, and developers alike. Our proposed interface is not one that you would be able to hold accountable, but to some extent, you might be able to build accountable systems on top of it.
40 plugin authors have answered our survey. 72.5% of them have a rough idea about the GDPR implications, and luckily only 7.5% don’t know what EU GDPR is 😉
That is contrasted by a whopping 43.9% answering that they do not currently have a plan, against 4.9% that do have one.
(24.4% have plugins not handling user information in any way)
So you could say there is a need for some kind of solution.
With 90% answering “Yes” or “I would consider” to implementing a GDPR “file” type solution in their plugins, I take that as a thumbs up from the community for our proposed direction.
Where we’re at with the code
With the input we’ve gotten, we have been able to further develop our idea into the current state – one we are now open sourcing on GitHub (no real code just yet).
Our proposal is an Object interface which you can choose to implement in your plugin code (or theme). Doing so will require you to actively develop a set of methods that work specifically with your plugin code.
The output of those interface functions is first and foremost a unified way for us as a community to identify information on personal data, no matter the format of your plugin.
The nature of such an interface puts some responsibility in the hands of the developer to identify any place personal data is stored, what kind of data it is and for what purpose, as well as how it should be handled upon deletion.
The Interface approach will allow a community-wide adoption, without setting limitations on how plugin developers choose to work with their data – something we obviously can’t control.
The specific functions of the interface will directly correspond to the requirements in the GDPR.
That means we will – in time – have functions that will give you the ability to handle: requests to access user data, the right to be forgotten, reporting data breaches, deleting and anonymising data, a plain language description of how your plugin complies with GDPR, and a bunch of other very hands-on things you need to be able to do with the data your website collects.
Some of those functions will be required, others depend on the nature of the data you are handling.
With an ever-growing set of functions that tie into specifics of the GDPR, we will be able to allow the whole of the community to create GDPR-feature plugins that can handle the functions required by website owners (administrators) as well as the front-facing functions of allowing visitors to ask for information, delete or take their data with them.
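To make the interface idea above concrete, here is an added sketch that is not code from the GDPRWP/standard repository. The interface name, its three methods and the sample plugin are hypothetical, and the stored rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical contract: names are illustrative, not taken from GDPRWP/standard.
interface PersonalDataHandler {
    /** Plain-language description of what is stored and for what purpose. */
    public function describe(): string;
    /** Access request: every record this plugin holds for the e-mail address. */
    public function export(string $email): array;
    /** Right to be forgotten: delete the records, return how many were removed. */
    public function erase(string $email): int;
}

// Constructed sample plugin that keeps contact form submissions in memory.
final class ContactFormHandler implements PersonalDataHandler {
    private array $rows = [
        ['email' => 'alice@example.org', 'message' => 'Hello'],
        ['email' => 'bob@example.org', 'message' => 'Quote please'],
    ];
    public function describe(): string {
        return 'Stores e-mail and message of contact form submissions to answer enquiries.';
    }
    public function export(string $email): array {
        return array_values(array_filter($this->rows, fn(array $r): bool => $r['email'] === $email));
    }
    public function erase(string $email): int {
        $before = count($this->rows);
        $this->rows = array_values(array_filter($this->rows, fn(array $r): bool => $r['email'] !== $email));
        return $before - count($this->rows);
    }
}

// A GDPR-feature plugin depends only on the interface, not on each plugin's storage format.
function handleAccessRequest(array $handlers, string $email): array {
    $report = [];
    foreach ($handlers as $name => $handler) {
        $report[$name] = ['purpose' => $handler->describe(), 'records' => $handler->export($email)];
    }
    return $report;
}

$handlers = ['contact-form' => new ContactFormHandler()];
print_r(handleAccessRequest($handlers, 'alice@example.org'));
foreach ($handlers as $handler) {
    $handler->erase('alice@example.org');
}
print_r(handleAccessRequest($handlers, 'alice@example.org'));
```

The same aggregation loop would serve a site-wide erase or a breach report, since each plugin answers for its own storage through the shared methods.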
Collaboration, the future, and funding
Our initial interface proposal (no real code) with the first couple of functions is now available on GitHub: https://github.com/GDPRWP/standard.
Please remember that this is in no way ready for your dev. environments, but please do send us any feedback you can come up with.
It’s open source since we believe that the WP Community will be the best place in the world to dynamically build this interface.
At the moment we’re 2 guys leading up this initiative, and although we are an eager bunch, we do realize that this requires much more work, and a bit of funding for us to go the full approx. 200 days.
We appreciate the help offered by Automattic and Redux.
If you wish to help out, please do contact me: firstname.lastname@example.org