People who visit and interact with a Drutopia site have their privacy and data protection rights respected, per European Union law (EUGDPR)
User story
As an operator of a web site which may have a visitor or user from Europe,
when I am given a legal notice to comply with EU General Data Protection Regulations
I want to be able to comply so that I don't get fined four million dollars.
Background
- Informed consent about data collection
- Right to be forgotten: if requested, need to delete everything associated with that user, including from all your backups.
(No one knows how exactly this will play out, but Facebook and Google's protestations have been swatted aside. As regulations are written, if you don't do this, you open yourself up to litigation. If you lose, you can be fined $4 million or 4% of your global revenue, whichever is higher.)
Proposed solution
- Stringent cookie policies; consent message or opt-out of data collection.
- Show and allow export and deletion of all data collected about a user.
There's A Module For That: https://www.drupal.org/project/gdpr
Remaining work
Ensure that modules Drutopia uses, including Give, integrate with the GDPR module and otherwise comply with the regulations which take effect May 25.
Implementation
- Add gdpr to distribution .info file.
- Add gdpr and eu_cookie_compliance to .json file.
- Add permission to the manager role for:
  - 'edit gdpr_checklist checklistapi checklist'
  - 'administer eu cookie compliance popup'
Edited by Rosemary Mann