Hi! As all of you know, on 25 May 2018 a new European regulation about data privacy will become active ( https://en.wikipedia.org/wiki/General_Data_Protection_Regulation ). All sites which target European citizens should respect it; otherwise, site owners could have big financial penalties.
The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information.
So TYPO3 CMS should be ready for GDPR.
Sites built with TYPO3 will have to respect EU citizens' rights, which include:
- The possibility for them to view the data you collected on them
- The possibility to rectify some data concerning them
- The possibility to delete their data
- The possibility to export their data
- Tools to help notify the local data protection authority of a data breach
There is a lot of stuff to do:
- IP Anonymization
- Personal data listing by user
- Personal data export by user
- Personal data delete by user
- Personal data expiration limits implementation
A personal data management framework for the Core & extension owners could be created.
I propose to create a working group and organize dedicated TYPO3 Code Sprints related to preparation for GDPR, so it could be included in TYPO3 9 LTS.
- TYPO3 will be GDPR compliant, so it could continue to be used by any site which is created for use by European citizens.
- Some serious and well-organized work should be done by the Core team & extension owners to make TYPO3 GDPR-ready by design.
Topic Initiator: Fedir
Topic Mentor: ?