To be clear, there are two totally different aspects to GDPR compliance.
The WikiMedia Foundation can be compliant - or risk the penalties for
non-compliance. And totally separately, those third-party users of
MediaWiki software, who use it to run their own public and private
websites, are also subject to the legislation. It is this external
audience that I am concerned with. It is the features and capabilities of
the MediaWiki software to anonymize user data, retrieve, report, download,
delete this data that helps organizations comply with the GDPR. For
example, Drupal has a module called "General Data Protection Regulation
(GDPR) - Obfuscated SQL Dump" that when enabled, allows you to select those
data fields in your Drupal schema that you determine to contain sensitive
data, and then it obfuscates those fields so that developers can load data
without leaking sensitive information. And the main GDPR module for Drupal
provides a checklist for site administrators to do a self-assessment in an
effort to ensure their website is in compliance.
On Wed, May 16, 2018 at 4:11 PM, James Hare <jamesmhare(a)gmail.com> wrote:
On May 16, 2018 at 1:00:13 PM, Greg Rundlett
Is anything happening at WMF to assist corporate compliance directors and
site administrators, who run MediaWiki, in their obligations with respect
May 25th is right around the corner. Projects like Drupal, CiviCRM,
Discourse, Platform.sh; plus every major software vendor and social website
is announcing their compliance with GDPR and/or has a publicly visible
project and discussion about compliance. I can't find any information
regarding GDPR compliance with regards to websites powered by MediaWiki.
The 'Scrum of Scrums' message from today does not mention GDPR. I did find
information about how Wikimedia Sweden is tackling the issue. 
Part of the draft Wikimedia Foundation annual plan for this coming fiscal
year (starting July 1) includes work on GDPR compliance: <
disclosure, I am not involved in this program, but have some familiarity
with the Foundation’s efforts toward privacy and security.
Technically speaking the final plan hasn’t been approved yet (that’s up to
the board) but I think what will end up being approved will be materially
similar to this current draft.