Implementing data privacy with Sugar 8

Hi peeps! My name is Kristján Geir Mathiesen and I work for Origo, an Icelandic Sugar partner. I've enjoyed attending SugarCon for the last three years - this year was just as much fun as ever.

Me being from Europe and the year being 2018, GDPR has been on my mind and to-do list for the past 18 months. When I looked over the SugarCon agenda and saw that David Wheeler was doing a presentation on data privacy, I just knew I had to attend it.

Below are some of the highlights that stood out for me.

  • Consent should always be stored with an audit trail and a record of how it was obtained - the basis for processing is also very important.
  • The basis for processing must be checked and re-checked, since it might be revoked at any time! Make sure the bases are kept up to date.
  • It is a great idea to audit anything that relates to data privacy - including the source - to make any follow-up work easier to perform.
  • Sugar recommends: Don't erase records, erase the content of records.

  • New ErasureFieldList function was added for manual erase (see code in slides).
  • Personally Identifiable Information (PII) is tricky and can be deceptive, as the 2006 paper in this slide reveals:

David's presentation is called "Deep Dive into Data Privacy Architecture." You can check out his slides here.
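To make the highlights above concrete, here is an added sketch (not Sugar's code and not taken from David's slides) of erasing field content while keeping the record, re-checking the basis for processing at time of use, and auditing every privacy action with its source. The SQLite schema, table names and function names are all hypothetical, and the sample record is constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: only these columns hold personal data and may be erased.
ERASABLE = {"first_name", "last_name", "email", "phone"}

def setup():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE contacts (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT,
                               email TEXT, phone TEXT, account_id INTEGER, basis TEXT);
        CREATE TABLE privacy_audit (id INTEGER PRIMARY KEY, contact_id INTEGER,
                                    action TEXT, detail TEXT, source TEXT, at TEXT);
        -- Constructed sample record.
        INSERT INTO contacts VALUES (1, 'Anna', 'Example', 'anna@example.com',
                                     '555-0100', 42, NULL);
    """)
    return conn

def audit(conn, contact_id, action, detail, source):
    conn.execute("INSERT INTO privacy_audit (contact_id, action, detail, source, at) "
                 "VALUES (?, ?, ?, ?, ?)", (contact_id, action, detail, source,
                 datetime.now(timezone.utc).isoformat()))

def set_basis(conn, contact_id, basis, source):
    """Record or revoke (basis=None) the basis for processing, with how it was obtained."""
    with conn:  # basis change and audit row commit together
        conn.execute("UPDATE contacts SET basis = ? WHERE id = ?", (basis, contact_id))
        audit(conn, contact_id, "basis_set" if basis else "basis_revoked", basis or "", source)

def may_process(conn, contact_id):
    """Re-check the stored basis at the time of use; it may have been revoked."""
    row = conn.execute("SELECT basis FROM contacts WHERE id = ?", (contact_id,)).fetchone()
    return bool(row and row[0])

def erase_fields(conn, contact_id, fields, source):
    """Blank the content of the named fields; the record and its links stay."""
    fields = sorted(set(fields))
    if not fields or not set(fields) <= ERASABLE:
        raise ValueError(f"fields must be a non-empty subset of {sorted(ERASABLE)}")
    assignments = ", ".join(f"{name} = NULL" for name in fields)  # names are allowlisted
    with conn:  # erase and audit row commit together, or not at all
        cur = conn.execute(f"UPDATE contacts SET {assignments} WHERE id = ?", (contact_id,))
        if cur.rowcount != 1:
            raise LookupError(f"no contact with id {contact_id}")
        audit(conn, contact_id, "erase", ",".join(fields), source)
```

The audit row stores which fields were erased and where the request came from, never the erased values themselves.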

  • Thanks for sharing Kristjan! Working with the MailChimp integration, GDPR was definitely scary. We were glad to see Sugar's data privacy module and new functionality but have not had ample time to explore everything. It'll be great to look through the slides and information since we were stuck at the booth and couldn't attend. 

    Always good to see you at SugarCon, too. 

    Cheers!

    Jon