Sometimes it’s hard to get straight answers to our most burning questions. One of the most burning questions these days is certainly related to the new EU GDPR legislation – how data really should be handled and how it should be protected.
In this 1st Episode of Ask Paulie Anything, I’m going to answer this question with the hopes that it will be helpful for many people out there.
Hello, and welcome to Ask Paulie Anything.
So I had an idea a few weeks ago that I’d put myself out there a little bit and make myself available for questions that people might have.
I said in the emails that I sent that you could ask me anything, obviously within reason, and I got loads of different questions some of which I can’t answer; some of which I won’t answer. 🙂
But on the whole, it was quite interesting to find out the sort of things you guys and girls were thinking about, or trouble that you had.
So what I’m going to try to do – for as long as it makes sense to do so – is to put out a Q&A (it might be only 1 or 2 questions per video) and see if I can start making some headway with some of your questions and hopefully provide a little bit of help, clarification, guidance for people.
One thing that’s put me off doing this is like anybody putting themselves out there like “What if you get it wrong? What if you give the wrong answer?”.
And you know what? That’s very possible. So don’t take my advice as the one true word and everything I say is “gospel”. It’s nothing like that.
I’m going to put out there what I think is the answer to your question, and if I don’t know the answer, but I can point you to the answer or to the next step in finding your answer, I will. But don’t hold me to account on 100% accuracy of it. I will just tell you what I think I know and you can dig around that as you please and take it for whatever value that you want to take it for.
So, I’ve sent an email a couple of weeks ago about Ask Paulie Anything. I’ve collected the questions sent and a kind of gone back and forth on whether or not I actually want to do this. Even while recording this first video now (this is not the first take) is a little bit nerve-racking putting yourself out there, especially on video for the whole world to see you get it wrong.
But then… if I thought like that about everything, then I’d never do it. So I’ve come to the conclusion that I’ll just put it out and see what happens. 🙂
On another note, this is a video and transcribing this is a lot of work and a lot of effort. There are some options I’m looking up to make that a little bit easier so we may or may not transcribe it.
I received an email reply from someone saying that “there are other people in the industry that had tried this but they got burnt because people complained that they didn’t like video or they only wanted to read it”.
But, you know what? If video isn’t for you, then you probably wouldn’t have made it to this point anyway, in this riveting video. Basically, we’ll do what we can to get the information that’s in these videos in a format that reaches as many people as we can, but we make no promises on that. So, bear with us while we get there! 🙂
I’m going to answer 2 questions today.
The first question is a topic that is something that we’re working on and I hope that everyone else who has business dealing in the EU is working on this as well. If you haven’t guessed by now what I’m talking about, it’s the EU General Data Protection Regulation (GDPR) that comes into force on May 25th, 2018. What that’s basically doing is bringing the world, or at least the EU anyway, up to speed.
I’m going to tell you how really, frankly in my opinion, data should be handled and how it should be protected.
I think this is a great thing, that everyone should be doing this long before GDPR came into effect. It’s a lot of pain for people and it’s a bit of a pain for us too, not because we’re not handling our data correctly but rather because it’s maybe not as documented or as process-driven as we’d like. What we’re currently doing is documenting a lot of what we’re doing – updating our Policies and Terms & Conditions so that we accurately communicate our position on data and privacy.
One of the questions that we had was basically looking (as a lot of people are) for some sort of guidance and checklist, something you can check off about the GDPR and get yourself GDPR compliant. There are some resources that you can use to help you get through this but unfortunately, there is no checklist, no software or ‘install and forget’, and certainly there’s no WordPress plugin that will get you to GDPR compliance. In fact, I believe the WordPress.org plugin guidelines have been updated to ensure the plugin authors are not putting in their plugins that they will offer you 100% or at least close to 100% GDPR compliance because this is impossible. That’s not going to happen!
Our position on GDPR, or at least what we’re doing for GDPR compliance, really comes down to data. Now, you might have a very simple system, a very simple organisation and you have data coming into your system from very few sources. By data, I mean everything that could be used to potentially identify an individual. If you are receiving an email address from the signup form, if you are collecting IP addresses and then later they could be mapped to user logins, that is to say “user email addresses” – anything that has data that contains personally identifiable information you have to audit this.
What does that mean?
That means throughout your whole organisation you need to go through every single entry point of data and that is, for example:
- signup forms;
- visitors to your websites; and
- syndication of data.
Data comes to us – maybe someone signs-up for iControlWP – and then we push that data or maybe the name and an email address to an onboarding campaign or onboarding series of emails, or we put it into the email marketing platform, or we use it with analytics of some sort… basically anything. Any entry point of data and where that data is syndicated to, and also, of course, how that data is stored.
So, is it always appropriate to encrypt the data?
Not necessarily always, but is it such a task to do so? We don’t think so. We’ve been encrypting our data since we launched iControlWP. There are a couple of areas where we’re not encrypting the data that is personally identifiable, but we have audited and ensured that there is secure access around that data.
So what you’re looking to do with GDPR is basically manage all your customer data the way you would expect your own customer data to be handled.
For example, we’ll take Facebook.
When you signup the Facebook, you agree to their Terms & Conditions, and from what I understand with the whole backlash against Facebook at the moment, they haven’t really done a whole lot wrong. We’ve all signed up to their Terms & Conditions, we’ve all decided to agree to those. Now, how your data gets thrown about when your friends enter competitions and somehow these other organisations can pull in your data, that’s not ideal. But again, when you signup the free service like Facebook that’s the price you pay for your data. So, nobody likes their own data to be thrown about, by the looks of it carelessly, though it’s not careless, but it’s being distributed.
How would you like your data to be handled when you signup a company? Would you like it to be encrypted? Would you like safeguards around that? Would you like to be able to tell that company to remove your data?
Well, if so, I think that’s completely fair but, how are you handling the data that is going into your company? What do you do with email addresses? Do you fire them off to a MailChimp and let them look after it? Well, is MailChimp GDPR compliant? If it’s not then, as an E.U. provider of services then you can’t use MailChimp. In this example, MailChimp is essentially GDPR compliant because they implement the U.S. privacy shield. I’d need to look into it in further details but essentially they will be usable by May 25th for EU companies.
But my point is that you need to audit your data – everything that’s coming in, what you’re doing with it and when you’re getting rid of it.
There’s a whole lot more to GDPR than that. There’s a really good article called “GDPR requirements in plain English”. If you Google about the title with the name Varonis that will nicely break down the GDPR in a human-readable form and give you a little bit of a framework to get started if you haven’t started already. So, that’s just a little bit on GDPR. It doesn’t go into any depth because this is not the format to go into depth of GDPR but just a little bit on my take on GDPR.
Start with your data and then go from there basically.
Second Question: More About Me
The second question is something that Scott’s asked me. He wants to know a little bit more about me, who I am, how I got started and where I’m going with the whole thing. It’s sort of a big question, hard to know where to begin…
Basically, I started all this about 5 or 6 years ago with the launch of iControlWP. Before that, I was doing some website development. I wouldn’t say “designing websites” because anyone that’s seen my stuff will know that I’m not a great designer, but just doing software development and managing a few WordPress websites.
Not being able to manage them effectively was what drove us to first build iControlWP because at that time there was nothing out there to do it.
That’s all evolved and we released, created what was called the WP Simple Firewall, which was an answer to the problem of reliable WordPress security plugins, which was a real problem 4-5 years ago. Much less so now.
Rather than do what a lot of them were doing, which was copy the functions and the features of each other, we decided to start from scratch, learn it and build a security plugin that was reliable, that didn’t and wouldn’t lock you out irretrievably, especially if you had no technical skills in order to get yourself back in if you were locked out. That’s slowly grown on to be one of the most popular security plugins on the WordPress repository.
Then in November last year (2017), we launched the One Dollar Plugin platform and that’s where we distribute our Shield Security Pro plugin which is extensions to the basic Shield Security plugin and it also provides support.
Where am I going with all of this?
It comes down to what I’m motivated by.
I’ve been asked recently “Why have we built the One Dollar Plugin? What’s the point?”.
The whole point of what I’m doing right now is to make high-quality WordPress plugins available to everybody. It’s not sustainable to build high-quality plugins and support them in your spare time. I think the amount of time that goes into building a plugin, developing and fixing bugs (which is inevitable) and maintaining the ongoing development of that plugin… the time that goes into that is grossly underestimated out there. That’s why we launched Pro. We didn’t necessarily believe that we would launch a Pro version in the future. That’s not why we built Shield. But in order to maintain it and retain the quality that it has and allow it to grow as technology develops. The only way to do that is with a team and the only way to have a team is to have it paid for. It’s no more complex than that and that’s why we’ve built Pro and that’s why we’ve built the One Dollar Plugin.
It is our hope that we can maintain the ongoing development of Shield, add new features, improve our support, improve our speed and development time by getting support basically from the community, from people that want those extra features and that want to support it.
We can charge $10 a month for that or a $100 a year or whatever you like, but that doesn’t really fit into our goal. Our goal is getting that out there to everybody and the only way to do this is to make it accessible to everyone. To make it accessible, it has to be priced at a position that money is not an excuse anymore to support the project.
And that’s where we’re going with One Dollar Plugin. We’ve got quite a number of plugins that we want to build. It does take time to build those because we only want to release high-quality plugins that are reliable and again $1 will be the price by we’ve been doing that.
So the current direction that we’re taking this is not only building these plugins in a way that speeds up the development of them into the future but also to retain the reliability. I’m working on that at the moment and once we nail that we’ll be building more plugins into the One Dollar Plugin platform and that’s exactly where we’re headed.
Further and beyond that, there’s no way to know… One Dollar Plugin was really only of in the middle of last year, we got it built in November. These things just take time, the new ideas and new direction could come from anywhere at any time. So we’re committed to the long whole for the One Dollar Plugin and of course iControlWP which is where a lot of our code and our solutions come from.
And, so I hope that answers the basic question of who I am. I’m Paul. I live in Belfast in Northern Ireland and hopefully, my accent in this video isn’t too strong. 😀 I tried to soften it, knowing my international audience. I’m hoping that these videos will allow me to connect a lot better with you and in a lot more scalable way than the support helpdesk, which doesn’t really scale. I’m also hoping that with these questions, that you guys will give me, we can have this ongoing discussion into the future. Let’s see how it goes. This is the first video and hopefully, it’s not the last. 😀
And of course, if you have any comments or questions about this video or any of the questions that I have supposedly tried to answer, or you have any questions maybe to follow up or original questions you want to ask, we provide a link for that somewhere below, above or to the side of this video where you’re watching it.
Thanks for watching! I hope that in some way this was helpful. Obviously, there’s so much detail we could go into, for example, with the GDPR. If you like this video, please let us know you like it. If you’re watching it, you can hit the “Subscribe” button and you’ll be notified of new videos.
Looking forward to the next video and to seeing you there…