Thanks to Jam from OSP for sharing!
In this interview with Georg Ringer, TYPO3 Core Team member and GDPR Team Lead at the TYPO3 Developer Days 2018, we talk about how TYPO3 CMS is ready to help you with GDPR compliance now and how its development philosophy and constant improvements are only making it better over time.
The TYPO3 Developer Days 2018 were held in June in Düsseldorf, Germany as one of a series of specialized events throughout the TYPO3 community year. Others include the TYPO3 User Experience Week, TYPO3 Con, Marketing Sprints, University Day, and TYPO3 Board (a week of community winter sports plus work on the CMS!). These events bring people of like-minds together to share knowledge, build connections, and work on improvements to the project.
I had the great pleasure of capturing a conversation with Georg Ringer. He is the TYPO3 CMS GDPR Initiative Lead, a TYPO3 Core Team developer, and Security Team member. Georg has been working with TYPO3 CMS for more than 10 years and has a lot of extensions to his name. In Düsseldorf, he gave a talk about (what else?) TYPO3 & GDPR :-)
Georg explains that many of us who build, run, or own websites, “all deal with private information and it’s getting more. We need to think about storing it,” we need to consider how to deal with it in the future, “and it’s important that TYPO3 does comply with the GDPR,” as a part of the overall privacy and compliance structures in your organization.
While GDPR is not only a technical problem, as open source developers, we can make tools that help other people and make it easier for them to do the right thing. Georg explains how TYPO3 CMS helps you with GDPR compliance in a number of ways, “We have APIs to anonymize IP addresses with CLI tasks if you don’t need the information anymore, stuff like randomization, taking care that only information that is really needed is stored, a good user management tool so backend users and editors only see the information they really need, but not,” for example, “orders and private information.
Learn more: GDPR- What you need to know
Read a detailed article on How to Make Your TYPO3 Application GDPR Compliant
“It was important, of course, to comply before the 25th of May,” when the regulation came into effect, “and so the full TYPO3 core itself is ready for GDPR and we are building more tools which help extension developers and site owners to comply with their own extensions.” TYPO3 core supports compliance and the Core and GDPR Core Teams are building the structures to make it easier for other developers to build compliant extensions and other applications.
Georg is the creator and maintainer of the TYPO3 GDPR extension, which he offers in both free and paid-supported versions. “I do a GDPR extension because it is far easier to try stuff out,” in an extension than make changes to the core. “While being the Lead of the GDPR Initiative in the TYPO3 Core, I already moved a lot of features from there into the public core. More features I am trying out in the extension will move into the core, so they’re available for everybody.”
Georg uses the GDPR extension in part as a kind of sandbox to test and develop new features that are intended for the core, “But it’s not only a sandbox. You can really use it in production.” The paid version supports new development, making this project sustainable. “The subscription model helps me develop new features and if they are stable enough, I try to move them fully into the public … ideally into the core, yes.”
“TYPO3 does a lot of stuff right from the beginning,” the core developers want strong, stable, secure feature implementations, “so it’s not always the first tool that is implementing something,” but when it’s in there, “it tries to support it as long as possible. So you can use an old version and update it to the next version in a few hours, keeping the content where it is and using it again.”
This reliability includes a regular release cycle with major versions being released every 18 months, “We have a roadmap and we keep our promise to release Version 9 in October 2018, and the nice thing is that customers are already coming to us,” about launching sites in the new major version. “Development can already start with 9.3, 9.4 is already in the making. With the Sprint Releases, they get new updates and when the LTS [Long Term Support release] is there, they get the final update and have their LTS version.