To be clear, there are two totally different aspects to GDPR compliance. The WikiMedia Foundation can be compliant - or risk the penalties for non-compliance. And totally separately, those third-party users of MediaWiki software, who use it to run their own public and private websites, are also subject to the legislation. It is this external audience that I am concerned with. It is the features and capabilities of the MediaWiki software to anonymize user data, retrieve, report, download, delete this data that helps organizations comply with the GDPR. For example, Drupal has a module called "General Data Protection Regulation (GDPR) - Obfuscated SQL Dump" that when enabled, allows you to select those data fields in your Drupal schema that you determine to contain sensitive data, and then it obfuscates those fields so that developers can load data without leaking sensitive information. And the main GDPR module for Drupal provides a checklist for site administrators to do a self-assessment in an effort to ensure their website is in compliance.
~ Greg
Greg Rundlett https://eQuality-Tech.com https://freephile.org
On Wed, May 16, 2018 at 4:11 PM, James Hare jamesmhare@gmail.com wrote:
On May 16, 2018 at 1:00:13 PM, Greg Rundlett (freephile) ( greg@freephile.com) wrote:
Bump.
Is anything happening at WMF to assist corporate compliance directors and site administrators, who run MediaWiki, in their obligations with respect to GDPR?
May 25th is right around the corner. Projects like Drupal, CiviCRM, Discourse, Platform.sh; plus every major software vendor and social website is announcing their compliance with GDPR and/or has a publicly visible project and discussion about compliance. I can't find any information regarding GDPR compliance with regards to websites powered by MediaWiki. The 'Scrum of Scrums' message from today does not mention GDPR. I did find information about how Wikimedia Sweden is tackling the issue. [1]
[1] https://se.wikimedia.org/wiki/Kategori:GDPR
Part of the draft Wikimedia Foundation annual plan for this coming fiscal year (starting July 1) includes work on GDPR compliance: < https://www.mediawiki.org/wiki/Wikimedia_Technology/ Annual_Plans/FY2019/CDP1:_Privacy,_Security,_and_Data_Management>. Full disclosure, I am not involved in this program, but have some familiarity with the Foundation’s efforts toward privacy and security.
Technically speaking the final plan hasn’t been approved yet (that’s up to the board) but I think what will end up being approved will be materially similar to this current draft.
Cheers,
James Hare