GDPR compliance steps for Drupal Developers
Nathan Page
The new GDPR laws are here, hurrah!
Having a number of developers handling databases from a number of client sites could easily be a nightmare, but we at ComputerMinds spent quite some time thinking about how to get and keep everybody safe and squeaky clean on the personal data front.
Here's a quick run-down of the key things to be aware of - and a pretty poster to help you keep it all in mind :)
Remove personal data from your system
- Review all databases on your computer, making sure to consider also those .sql dump files still sat in your downloads directory or your Recycle bin/trash.
- If there are databases that you need to keep on your system, then you must sanitize them by encrypting, anonymizing or removing personal data.
- Review all testing / UAT environments and ensure they're running off sanitized databases where possible.
Stay clean by using sanitized databases
Set up some hook_drush_sql_sync_sanitize() hooks to deal with personal data stored on your site. Then either have your Jenkins server use them to provide sanitized dumps, or ensure that your developers use them to sanitize databases immediately after importing.
When setting up your hook, make sure to consider things like:
- User table - clear out email addresses, usernames etc.
- Custom fields on users - names, telephone numbers etc. that you've added.
- Webform / contact form submissions - make sure that your Webform / contact form data gets cleared out. Webform 7.12 and above has these hooks included, but it's good to double-check.
- Commerce order table - you'll need to remove personal data from the commerce orders.
- Commerce profile tables - make sure that the personal data in the profiles gets anonymized or removed.
- Commerce payment gateway callback tables - these will have detailed payment transaction data, and absolutely must be cleared out.
- URL aliases & redirects - by default Drupal sets up aliases for users' usernames, so you'll need to review those tables.
- Comments - these usually have name, email and website fields that will need clearing out. But their body content may also have personal data in too, so you might be better off just binning the lot.
- Watchdog / logging tables - these take up lots of space, so you probably don't want to export them off the live site anyway, but think seriously about the personal data inside if you do decide you want to import them elsewhere. Truncate recommended.
- Cache tables - these can be huge, so you probably don't want to export them off the live site anyway, but think seriously about the personal data inside if you do decide you want to import them elsewhere. Truncate recommended.
This is certainly not a complete list, but we can't tell you what custom fun you've implemented on your site - so it's down to you to go check your tables!
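As a starting point, here is a sketch of such a hook covering several of the tables listed above. It is an added example, not ComputerMinds' own code. It assumes Drupal 7 with Drush 8, MySQL and no database table prefix; the module name mymodule and the field_phone user field are hypothetical, and the Commerce and Redirect table names are those modules' standard Drupal 7 schemas.

```php
<?php
// mymodule.drush.inc -- added example; "mymodule" and field_phone are hypothetical.
// Assumes Drupal 7, Drush 8, MySQL, and no database table prefix.

/**
 * Implements hook_drush_sql_sync_sanitize().
 */
function mymodule_drush_sql_sync_sanitize($source) {
  // Tables whose rows are not needed for development: empty them outright.
  $truncate = array(
    'watchdog', 'sessions', 'cache', 'cache_form', 'cache_page',
    'comment', 'field_data_comment_body', 'field_revision_comment_body',
    'commerce_payment_transaction', 'commerce_payment_transaction_revision',
    'field_data_commerce_customer_address',
    'field_revision_commerce_customer_address',
    // Hypothetical custom user field; list your own field tables here.
    'field_data_field_phone', 'field_revision_field_phone',
  );

  // Tables that must keep their rows: overwrite or delete only the personal
  // parts, deriving replacements from the row id so unique keys still hold.
  // users.mail and users.pass are reset by Drush's own sanitize step by default.
  $rewrite = array(
    'users' => "UPDATE users SET name = CONCAT('user', uid),"
      . " init = CONCAT('user', uid, '@example.com') WHERE uid > 0;",
    'commerce_order' => "UPDATE commerce_order SET hostname = '127.0.0.1',"
      . " mail = CONCAT('order', order_id, '@example.com');",
    'commerce_order_revision' => "UPDATE commerce_order_revision SET"
      . " revision_hostname = '127.0.0.1',"
      . " mail = CONCAT('order', order_id, '@example.com');",
    'url_alias' => "DELETE FROM url_alias WHERE source LIKE 'user/%';",
    'redirect' => "DELETE FROM redirect WHERE redirect LIKE 'user/%';",
  );

  // Skip anything not installed on this site (Commerce, Redirect, ...).
  $existing = drush_sql_get_class()->listTables();
  $queries = array();
  foreach (array_intersect($truncate, $existing) as $table) {
    $queries[] = "TRUNCATE $table;";
  }
  foreach (array_intersect_key($rewrite, array_flip($existing)) as $query) {
    $queries[] = $query;
  }

  drush_sql_register_post_sync_op('mymodule_personal_data',
    dt('Remove or anonymize personal data in site-specific tables.'),
    implode(' ', $queries));
}
```

Drush lists the registered operation and asks for confirmation when you run drush sql-sanitize, so check the list against your own schema before accepting. Note that every account, including uid 1, is renamed to user followed by its uid.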
Stay vigilant
- Ensure future development environments and UAT/test environments are built using sanitized databases.
- If you receive user data via email, immediately delete the email and attachments and reprimand the sender!
- Talk to your clients about changes that need to be made to their sites.