GDPR FTW! OR, HOW I LEARNED TO STOP WORRYING AND LOVE PRIVACY BY DESIGN
@jeckman
NOTE: I AM NOT A LAWYER
IN THE BEGINNING
COOKIES
Photo by John Dancy on Unsplash
“One day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest
problems facing the fledgling World Wide Web -- and, as so often happens in the world of
technology, he created another one.
At 24, Mr. Montulli was the ninth employee [at] Netscape Communications. . . he quickly came
up with an ingenious idea to address the problem and hammered out a five-page document
describing the technology that he and co-workers would design to give the Web a memory.
The solution called for each Web site's computer to place a small file on each visitor's machine
that would track what the visitor's computer did at that site. . . . It was a turning point in the
history of computing: at a stroke, cookies changed the Web from a place of discontinuous
visits into a rich environment in which to shop, to play -- even, for some people, to live. Cookies
fundamentally altered the nature of surfing the Web from being a relatively anonymous activity,
like wandering the streets of a large city, to the kind of environment where records of one's
transactions, movements and even desires could be stored, sorted, mined and sold.” - John
Schwartz
https://www.nytimes.com/2001/09/04/business/giving-web-a-memory-cost-its-users-privacy.html
P3P
https://www.w3.org/P3P/brochure.html
P3P
The Platform for Privacy Preferences
Project (P3P) is an obsolete protocol allowing
websites to declare their intended use of
information they collect about web browser users.
Designed to give users more control of their
personal information when browsing, P3P was
developed by the World Wide Web Consortium
(W3C) and officially recommended on April 16,
2002. Development ceased shortly thereafter and
there have been very few implementations of P3P.
https://en.wikipedia.org/wiki/P3P
https://www.w3.org/P3P/brochure.html
DO NOT TRACK (DNT)
https://www.eff.org/issues/do-not-track
DO NOT TRACK (DNT)
https://allaboutdnt.com/
John Eckman • @jeckman • #wcpub
https://www.betterads.org/
ENTER THE GDPR
REMEMBER: I AM NOT A LAWYER
https://twitter.com/RebelEmG/status/988442580902989824
The General Data Protection Regulation
(GDPR) is an EU regulation that went into
effect on May 25th, 2018.
GDPR aims to give individuals (EU
citizens) more control over their personal
data, by requiring that businesses gain
more explicit consent from them to collect
and use it.
https://twitter.com/lesteph/status/988401663810723840
Understanding: At its core, GDPR is designed to
protect user data and empower users to have a better
understanding of:
1. What data is being collected about them.
2. How and why their data is being used.
Control: GDPR is also designed to give users better
control over their data. Users must be able to:
1. Tell companies what they can/cannot do with their
data.
2. Request a record of all data stored about them.
3. Amend any data stored about them if it is not
correct.
4. Request the deletion of any/all data stored about
them.
https://twitter.com/samnickerson/status/988673113109028864
Reach: GDPR is designed to protect all EU
citizens and residents. It doesn’t matter
whether the company capturing/
processing data is based in the EU, the
only thing that matters is that the data you
are capturing belongs to an EU Citizen.



https://twitter.com/AlbFreeman/status/988678211998449665
Individual Rights: All EU Citizens are entitled to
a series of individual rights under GDPR.
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision
making and profiling
https://twitter.com/everylilbreeze/status/997381429322571776
5 Areas of Focus: There are 5 areas that
the GDPR focuses on. These provide a
framework for data capture:
1. Purpose
2. Limited
3. Accurate
4. Time Limited
5. Secure
https://twitter.com/klillington/status/997063126322434049
Purpose: there are six legally acceptable reasons that a company
can process user data. All data processing needs to fit into one of
these categories and should be documented.
1. Consent: a user has given clear consent for you to
process their personal data for a specific purpose.
2. Contract: the processing is necessary for a contract
you have with the individual, or because they have
asked you to take specific steps before entering into a
contract.
3. Legal obligation: the processing is necessary for you
to comply with the law.
4. Vital interests: the processing is necessary to
protect someone’s life.
5. Public task: the processing is necessary for you to
perform a task in the public interest or for your official
functions, and the task or function has a clear basis in
law.
6. Legitimate interests: the processing is necessary for
your legitimate interests or the legitimate
interests of a third party unless there is a good
reason to protect the individual’s personal data which
overrides those legitimate interests.
https://twitter.com/CamHamTT/status/99994671805256
Limited: No data should be captured or
stored unless it is specifically required for an
approved data processing activity.
Accurate: All data that is captured should
be accurate and kept up to date for as long
as it is stored. Users should be able to
submit amendments to any data and
records should then be updated
accordingly.
https://twitter.com/evankirstel/status/1000344045221228544
Time Limited: Data should only be stored for
as long as required to process the data.
Once you are no longer processing the data,
it should be deleted.
Secure: All data processing and storage
needs to be secure by design and security
practices should be well documented. This
includes both technical infrastructure as well
as access rights/policies.
https://open.spotify.com/playlist/5Pe51v0sHLybSEkX0m0JRf
Data principles:
1. Capture/store as little data as possible.
2. Document what data you are capturing/storing,
why, where it is being stored, and
for how long.
3. Encrypt data wherever possible.
4. Use anonymised data wherever possible.
5. Make sure that any data you are
capturing has an explicit opt-in.
6. Make it easy for users to make requests
of their data.
7. Make sure to keep your data up-to-date
and accurate.
PRIVACY BY DESIGN
Photo by Dayne Topkin on Unsplash
https://gdpr-info.eu/art-25-gdpr/
STILL NOT A LAWYER
WHAT DO I DO?
Photo by rawpixel on Unsplash
Assess & Document:
What data do we collect about visitors
and customers?
How is that data collected, stored, and
used?
What is the purpose for which that data is
collected and used?
How do we inform users of the purpose,
intent, retention, and permissions with
respect to their data?
TAKE OWNERSHIP
Plan:
What features on our site need to be
revisited?
Where can we limit our use of data, in
scope, in timeline, or in purpose?
Where can we limit our data gathering?
How long will it take to get us into
compliance?
DIVERSIFY REVENUE STREAMS
Photo by Maria Imelda on Unsplash
CULTIVATE TRANSPARENCY & HONESTY
Photo by Kelli Dougal on Unsplash
Don’t Panic:
Enforcement of the GDPR will most likely
first impact businesses with significant
financial interests and assets in the EU.
If you have enough financial presence in
the EU, you can afford a GDPR
compliance consultant.
BUT I JUST PUBLISH A BLOG!
Have a Privacy Policy
Be clear about what data you collect,
how, and why
Most Likely Impact:
Third-party tools:
• Analytics
• Comments
• Newsletters
FOCUS ON THE SPIRIT OF THE LAW, NOT JUST THE LETTER
Photo by Maria Freyenbacher on Unsplash
DID I MENTION I AM NOT A LAWYER?
https://10up.com/about/ https://10up.com/careers/
Thank You!
Feedback Welcome: @jeckman or john.eckman@10up.com

Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating PerformanceSix Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating PerformanceOperational Excellence Consulting
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.mcshagufta46
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Onlinelng ths
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Company Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfCompany Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfRobertPhillips265023
 

Recently uploaded (20)

HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptxHELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
HELENE HECKROTTE'S PROFESSIONAL PORTFOLIO.pptx
 
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
The End of Business as Usual: Rewire the Way You Work to Succeed in the Consu...
 
Live-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry WebinarLive-Streaming in the Music Industry Webinar
Live-Streaming in the Music Industry Webinar
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdfAMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
AMAZON SELLER VIRTUAL ASSISTANT PRODUCT RESEARCH .pdf
 
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 Building Your Personal Brand on LinkedIn - Expert Planet-  2024 Building Your Personal Brand on LinkedIn - Expert Planet-  2024
Building Your Personal Brand on LinkedIn - Expert Planet- 2024
 
Project Brief & Information Architecture Report
Project Brief & Information Architecture ReportProject Brief & Information Architecture Report
Project Brief & Information Architecture Report
 
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
IIBA® Melbourne - Navigating Business Analysis - Excellence for Career Growth...
 
Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Transform Your Kitchen Essential Tips for Renovations in Launceston
Transform Your Kitchen Essential Tips for Renovations in LauncestonTransform Your Kitchen Essential Tips for Renovations in Launceston
Transform Your Kitchen Essential Tips for Renovations in Launceston
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating PerformanceSix Sigma Improvement Process: Transforming Processes, Elevating Performance
Six Sigma Improvement Process: Transforming Processes, Elevating Performance
 
A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.A flour, rice and Suji company in Jhang.
A flour, rice and Suji company in Jhang.
 
AL Satwa Dubai Call Girls +971552825767 Call Girls In AL Karama
AL Satwa Dubai Call Girls +971552825767  Call Girls In AL KaramaAL Satwa Dubai Call Girls +971552825767  Call Girls In AL Karama
AL Satwa Dubai Call Girls +971552825767 Call Girls In AL Karama
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Online
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Company Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdfCompany Profile and SWOT Analysis Product List.pdf
Company Profile and SWOT Analysis Product List.pdf
 

GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design

  • 1. GDPR FTW! OR, HOW I LEARNED TO STOP WORRYING AND LOVE PRIVACY BY DESIGN @jeckman
  • 2. NOTE: I AM NOT A LAWYER
  • 3. IN THE BEGINNING
  • 4. COOKIES (Photo by John Dancy on Unsplash)
  • 5. “One day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest problems facing the fledgling World Wide Web -- and, as so often happens in the world of technology, he created another one. At 24, Mr. Montulli was the ninth employee [at] Netscape Communications. . . he quickly came up with an ingenious idea to address the problem and hammered out a five-page document describing the technology that he and co-workers would design to give the Web a memory. The solution called for each Web site's computer to place a small file on each visitor's machine that would track what the visitor's computer did at that site. . . . It was a turning point in the history of computing: at a stroke, cookies changed the Web from a place of discontinuous visits into a rich environment in which to shop, to play -- even, for some people, to live. Cookies fundamentally altered the nature of surfing the Web from being a relatively anonymous activity, like wandering the streets of a large city, to the kind of environment where records of one's transactions, movements and even desires could be stored, sorted, mined and sold.” - John Schwartz https://www.nytimes.com/2001/09/04/business/giving-web-a-memory-cost-its-users-privacy.html
  • 7. P3P: The Platform for Privacy Preferences Project (P3P) is an obsolete protocol allowing websites to declare their intended use of information they collect about web browser users. Designed to give users more control of their personal information when browsing, P3P was developed by the World Wide Web Consortium (W3C) and officially recommended on April 16, 2002. Development ceased shortly thereafter and there have been very few implementations of P3P. https://en.wikipedia.org/wiki/P3P https://www.w3.org/P3P/brochure.html
  • 8. DO NOT TRACK (DNT) https://www.eff.org/issues/do-not-track
  • 9. DO NOT TRACK (DNT) https://allaboutdnt.com/
  • 11. John Eckman • @jeckman • #wcpub https://www.betterads.org/
  • 13. ENTER THE GDPR
  • 14. REMEMBER: I AM NOT A LAWYER
  • 15. https://twitter.com/RebelEmG/status/988442580902989824
    The General Data Protection Regulation (GDPR) is an EU regulation that went into effect on May 25th, 2018. GDPR aims to give individuals (EU citizens) more control over their personal data, by requiring that businesses gain more explicit consent from them to collect and use it.
  • 16. https://twitter.com/lesteph/status/988401663810723840
    Understanding: At its core, GDPR is designed to protect user data and empower users to have a better understanding of:
      1. What data is being collected about them.
      2. How and why their data is being used.
    Control: GDPR is also designed to give users better control over their data. Users must be able to:
      1. Tell companies what they can/cannot do with their data.
      2. Request a record of all data stored about them.
      3. Amend any data stored about them if it is not correct.
      4. Request the deletion of any/all data stored about them.
  • 17. https://twitter.com/samnickerson/status/988673113109028864
    Reach: GDPR is designed to protect all EU citizens and residents. It doesn’t matter whether the company capturing/processing data is based in the EU; the only thing that matters is that the data you are capturing belongs to an EU Citizen.
  • 18. https://twitter.com/AlbFreeman/status/988678211998449665
    Individual Rights: All EU Citizens are entitled to a series of individual rights under GDPR.
      1. The right to be informed
      2. The right of access
      3. The right to rectification
      4. The right to erasure
      5. The right to restrict processing
      6. The right to data portability
      7. The right to object
      8. Rights in relation to automated decision making and profiling
  • 19. https://twitter.com/everylilbreeze/status/997381429322571776
    5 Areas of Focus: There are 5 areas that the GDPR focuses on. These provide a framework for data capture:
      1. Purpose
      2. Limited
      3. Accurate
      4. Time Limited
      5. Secure
  • 20. https://twitter.com/klillington/status/997063126322434049
    Purpose: There are six legally acceptable reasons that a company can process user data. All data processing needs to fit into one of these categories and should be documented.
      1. Consent: a user has given clear consent for you to process their personal data for a specific purpose.
      2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
      3. Legal obligation: the processing is necessary for you to comply with the law.
      4. Vital interests: the processing is necessary to protect someone’s life.
      5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
      6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
  • 21. https://twitter.com/CamHamTT/status/99994671805256
    Limited: No data should be captured or stored unless it is specifically required for an approved data processing activity.
    Accurate: All data that is captured should be accurate and kept up to date for as long as it is stored. Users should be able to submit amendments to any data, and records should then be updated accordingly.
  • 22. https://twitter.com/evankirstel/status/1000344045221228544
    Time Limited: Data should only be stored for as long as required to process the data. Once you are no longer processing the data, it should be deleted.
    Secure: All data processing and storage needs to be secure by design, and security practices should be well documented. This includes both technical infrastructure and access rights/policies.
  • 23. https://open.spotify.com/playlist/5Pe51v0sHLybSEkX0m0JRf
    Data principles:
      1. Capture/store as little data as possible.
      2. Document what data you are capturing/storing, why, where it is being stored, and for how long.
      3. Encrypt data wherever possible.
      4. Use anonymised data wherever possible.
      5. Make sure that any data you are capturing has an explicit opt-in.
      6. Make it easy for users to make requests of their data.
      7. Make sure to keep your data up-to-date and accurate.
  • 24. PRIVACY BY DESIGN (Photo by Dayne Topkin on Unsplash)
  • 26. STILL NOT A LAWYER
  • 27. WHAT DO I DO? (Photo by rawpixel on Unsplash)
  • 28. TAKE OWNERSHIP
    Assess & Document:
      What data do we collect about visitors and customers?
      How is that data collected, stored, and used?
      What is the purpose for which that data is collected and used?
      How do we inform users of the purpose, intent, retention, and permissions with respect to their data?
    Plan:
      What features on our site need to be revisited?
      Where can we limit our use of data, in scope, in timeline, or in purpose?
      Where can we limit our data gathering?
      How long will it take to get us into compliance?
  • 29. DIVERSIFY REVENUE STREAMS (Photo by Maria Imelda on Unsplash)
  • 30. CULTIVATE TRANSPARENCY & HONESTY (Photo by Kelli Dougal on Unsplash)
  • 31. BUT I JUST PUBLISH A BLOG!
    Don’t Panic: Enforcement of the GDPR will most likely first impact businesses with significant financial interests and assets in the EU. If you have enough financial presence in the EU, you can afford a GDPR compliance consultant.
    Have a Privacy Policy
    Be clear about what data you collect, how, and why
    Most Likely Impact: Third-party tools:
      • Analytics
      • Comments
      • Newsletters
  • 32. FOCUS ON THE SPIRIT OF THE LAW, NOT JUST THE LETTER (Photo by Maria Freyenbacher on Unsplash)
  • 33. DID I MENTION I AM NOT A LAWYER?
  • 35. Thank You! Feedback Welcome: @jeckman or john.eckman@10up.com