Community feedback on the new GDPR for WordPress project, created by WordCamp Denmark organizer Kåre Mulvad Steffensen and WP Pusher creator Peter Suhm, has started rolling in after the two launched a survey for developers. The project aims to provide an industry standard for getting plugins compliant with EU General Data Protection Regulation (GDPR) legislation ahead of the May 2018 deadline.
Steffensen published some initial results of the survey after having it open for two weeks. So far, 90% of respondents have answered that they would consider implementing a GDPR “file”-type solution for their plugins if a standard were available. Only 4.9% of the 40 developers who responded said they have a plan for making their plugins GDPR compliant and 43.9% said they do not currently have a plan. The remaining 24.4% were developers of plugins that do not handle personal data.
“Our talks with Paul Sieminski from Automattic and Dovy Paukstys from the Redux options framework have reassured us that we still do have a need for a GDPR structure which can help the community establish a basis for handling GDPR compliance,” Steffensen said.
Steffensen and Suhm created a GitHub repository where they have outlined their proposal for a PHP object interface that plugin developers could add to their codebases as a standard way of indicating how their plugins work with personal data.
“The nature of such an interface puts some responsibility in the hands of the developer to identify any place personal data is stored,” Steffensen said. “What kind of data it is, and for what purpose as well as how it should be handled upon deletion. The Interface approach will allow a community-wide adoption, without setting limitations on how plugin developers choose to work with their data – something we obviously can’t control.”
The idea is that plugin developers could then build other tools on top of this framework using specific functions that correspond to GDPR requirements, such as functions that allow users to access their data, implement the right to be forgotten, report data breaches, and delete and anonymize data. Developers could also build plugins that offer a plain language description of what personal data a plugin collects and how it is handled.
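The following PHP is an added example, not code from the GDPR for WordPress repository: it shows how a plugin could declare its personal data through an object interface and how a site-level tool could run access and erasure requests on top of it. The interface name, method names and sample records are all assumptions constructed for illustration.

```php
<?php
// Hypothetical interface; every name here is an assumption for illustration.
interface PersonalDataHandler {
    public function describe(): array;              // field => [purpose, on_erase]
    public function export(string $email): array;   // right of access
    public function erase(string $email): int;      // right to be forgotten
}

// Constructed sample plugin keeping order records in memory.
final class OrdersPlugin implements PersonalDataHandler {
    private array $rows = [
        ['id' => 1, 'email' => 'alice@example.test', 'name' => 'Alice', 'ip' => '203.0.113.7'],
        ['id' => 2, 'email' => 'bob@example.test', 'name' => 'Bob', 'ip' => '203.0.113.9'],
    ];
    public function describe(): array {
        return [
            'email' => ['purpose' => 'order receipts', 'on_erase' => 'anonymize'],
            'name'  => ['purpose' => 'shipping label', 'on_erase' => 'anonymize'],
            'ip'    => ['purpose' => 'fraud checks', 'on_erase' => 'delete'],
        ];
    }
    public function export(string $email): array {
        return array_values(array_filter($this->rows, fn($r) => $r['email'] === $email));
    }
    public function erase(string $email): int {
        $hits = 0;
        foreach ($this->rows as $i => $row) {
            if ($row['email'] !== $email) { continue; }
            // Apply the declared policy per field; the order row itself survives.
            foreach ($this->describe() as $field => $policy) {
                $this->rows[$i][$field] = $policy['on_erase'] === 'delete' ? null : "erased-{$row['id']}";
            }
            $hits++;
        }
        return $hits;
    }
}

// Site-level tool built on top: fan one request out to every registered handler.
function fan_out(array $handlers, string $method, string $email): array {
    return array_map(fn(PersonalDataHandler $h) => $h->$method($email), $handlers);
}

$handlers = ['orders' => new OrdersPlugin()];
echo json_encode(fan_out($handlers, 'export', 'alice@example.test')), "\n"; // data held
echo json_encode(fan_out($handlers, 'erase', 'alice@example.test')), "\n";  // rows affected
echo json_encode(fan_out($handlers, 'export', 'alice@example.test')), "\n"; // after erasure
```

Because `describe()` drives `erase()`, the declared handling and the actual handling cannot drift apart, which is the property an auditing tool built on such an interface would rely on.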
In speaking with Dovy Paukstys on how this could work with Redux, Steffensen said the options framework may be able to facilitate compliance for the 500,000+ sites where it is active and the developers who use it to build plugins.
“Dovy from Redux has a coder’s view on this,” Steffensen said. “Our object interface (PHP) would be something his framework could provide an easy way to utilize for the many developers using Redux. The Redux users (developers) could essentially do this themselves also, but since Redux is a framework it makes sense to see if they can build something that will make it near instant for developers to provide compliance for the GDPR.”
Steffensen said the team is aware that the first version of the interface will not render plugins, and by extension their sites, instantly compliant. The interface they are proposing is not one that could be held legally accountable, but the goal is to make it possible for developers to build accountable systems on top of it.
GDPR for WordPress Project Founders Consider Accepting Sponsorships
With 189 days remaining before the GDPR goes into effect, the team will need to work quickly to make a solution available with enough time for interested developers to incorporate it into their plugins. They have not yet set up a way to accept donations but are considering it.
“We aren’t actively seeking funding, but would love any funds that would help us allocate the time needed to keep the momentum going,” Steffensen said. “We’re lucky that the WP Tavern article brought attention to our GDPR approach and have caught the eyes of some of the key players in the ecosystem. One such company is Mailpoet that was the first to raise the idea of sponsoring our work.”
Steffensen works at Peytz.dk, a Danish WordPress agency that wants to support the community and has allocated some of his time to work on the project. He said any funding/donations they receive would be spent on pushing the roadmap forward, investing time in coding, and possibly seeking further advice from people who they cannot expect to be in it for free.
In addition to looking at ways to receive donations, the team plans to keep the survey open for developers for a while longer to try to make more connections in the community. Steffensen said they hope respondents will help them gain insight into the developer community’s readiness and also enable them to reach out to any plugin owners who could play a key role in a wider adoption.
Thanks for sharing and raising awareness for the GDPR. It’s so easy to just ignore it.