On May 25th, 2018, the new European data protection regulation GDPR will become effective. It also has several requirements for software collecting any kind of personal data. MediaWiki collects this kind of data in user tables, edit history and action logs.
In this workshop, we will go through the requirements of GDPR and see if and how MediaWiki complies with them. The requirements are:
- Right to access and be informed
- Right to rectification
- Right to be forgotten
- Right to data portability
- Right to restrict / object processing
- Breach notification
The desired outcome is
- a document which positions MediaWiki in the light of GDPR requirements (IS description), see for example https://www.easyredmine.com/contacts/gdpr-compliance?utm_content=body_CTA1&utm_source=newsletter&utm_medium=email&utm_campaign=NWL_1805-redmine-gdpr-ready-clients
- a list of features needed to comply (maybe to be given to extension developers)
Documentation of the workshop
* Public YouTube stream on MediaWiki channel: https://www.youtube.com/watch?v=uxTIpr4Ybcg
* Slides: https://docs.google.com/presentation/d/1TYbJoZ8SRUe_37mYjIvnVDwpyrrpUNwk6d7ShG3A7Bk/edit?usp=sharing
* Etherpad: https://etherpad.wikimedia.org/p/gdpr