General Data Protection Regulation

"the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 - at which time those organizations in non-compliance will face heavy fines." – http://www.eugdpr.org/

This module aims to help site admins follow the guidelines and legislation set by the EU.

GDPR module documentation is now available.

Installing and using this module pack does not mean your site becomes GDPR compliant. GDPR affects the whole organization, this module aims to help to understand its Drupal relations and tries to provide helper tools to make your site GDPR compliant.

Current features

• Checklist for site admin incl. automated content, module and configuration discovery (e.g. cookie consent, check if there is privacy policy page etc) displaying the current status on a progress bar and also placing a link on the status report page.
• GDPR consent submodule (D8 only) which allows setting up "agreements" and track the consent per user.
• GDPR fields submodule (D8 only) to mark personal data on field level. Handling of incoming requests eg. for deletion are handled by the GDPR tasks submodule.
• GDPR tasks submodule with various site management operations:
  • Handle and track requests coming from users (data subjects).
  • Allow users to initiate “forget me” and "export" action at site administrators.
• Drush command of drush gdpr-sql-dump with the primary goal of preventing developers from accessing sensitive personal data of site users by obfuscating configured fields of the SQL dumps. Under heavy development:

Module versions

1. 7.x-1.x is the main version for Drupal 7. It aims to have feature parity with the Drupal 8 version unless the technology difference doesn't allow it.
2. 8.x-1.x contains the Drush 8 version of GDPR Dump. Other than that, it aims to have feature parity with the 2.x version.
3. 8.x-2.x is the main version for Drupal 8 and contains the Drush 9 version of GDPR Dump. Other than that, it aims to have feature parity with the 1.x version.

Incompatible modules

Drupal 7

The GDPR Consent module is not compatible with the GDPR module.

Drupal 8

None to our knowledge.

Future features

• GDPR views data export to track data flowing out from Drupal
• Sync configuration of GDPR fields to GDPR dump
• More items and recommendations to checklist
• Make API for other contrib modules to announce user data stored
• ...and what you suggest: feature requests are welcome!

D8 & D7

Maintainers' clear goal is to continuously provide the same feature set both for Drupal 7 and Drupal 8, with no (or the minimum) difference. Therefore don't worry, even if the feature request issues are mostly assigned to 8.x branch, it means only saving the time of creating duplications for D7 too.

Dependency

Various submodules require different other modules:

• gdpr (main): Checklist API
• gdpr_consent: Token, Message, Entity Reference Revisions
• gdpr_fields: Ctools
• gdpr_dump: Hidden author (aka. Anonymizer)
• gdpr_tasks: Hidden author (aka. Anonymizer), Ctools, Entity

Note: Starting from 8.x-1.0-alpha15, ctools is no longer a dependency.
Note: For up-to-date dependencies you should check the composer.json and module info.yml files for the main and submodules.

Contribution

To contribute you can open new issues, comment on existing ones or create merge requests (or patches).