Transcript

00:00 ready go to law school my god that
00:18 part's really loud in my headphones I
00:20 used to go hiking in choice there I do
00:23 like it I do and I actually got a couple
00:25 feedback from people saying that they
00:26 loved it so you know nice nice well here
00:30 we are again Joe how does it feel to be
00:32 an internet celebrity oh yeah we are
00:34 what what this is gonna be episode
50:36 that's pretty cool dude 5 were on a roll
00:39 we are we got a streak going
00:41 we are neither of us we were ready to
00:44 exit today but right now we got to jump
00:47 on here we got to get the ball rolling
00:48 we cannot leave our li our leave our
00:51 listeners behind we are here for you
00:54 don't you all feel special yes and and
00:59 to show that we are taking on a topic
01:02 that I was reluctant to do yes yeah you
01:06 know not them not the most
01:09 exciting thing to talk about on a nice
01:12 evening like like you have tonight so
01:14 let's get all of our disclaimers out and
01:16 on the table Greg and I are not lawyers
01:19 so please do not take this at face value
01:22 and if you feel that you need more
01:25 information definitely consult an actual
01:29 lawyer probably one that's it from the
01:31 actual European Union because me and
01:33 Greg aren't so please please make sure
01:37 that you know that we are not lawyers
01:38 this is not official legal advice this
01:41 is purely our opinions of what we've
01:43 read about gdpr over the last week or so
01:48 and as you know everything you read on
01:51 the Internet is 100% accurate not true
01:58 not true everybody legal advice legal
02:00 advice disclaimer yes yes I was gonna
02:03 totally like download like a disclaimer
02:04 like buh buh buh disclaimer disclaimer
02:07 like legal alert thing I totally forgot
02:09 I was gonna do that for this episode oh
02:10 well there we go I just had it buh buh
02:12 buh buh legal alert I we're not lawyers
02:15 need one yeah homemade one exactly
02:17 anything so we feel this meant you feel
02:22 to see what the actual topic is today oh
02:23 yeah so we're gonna be talking about the
02:26 lovely European Union and the new gdpr
02:30 law that was recently passed and kind of
02:34 how it affects the common you know small
02:38 business rapidweaver user you know
02:41 obviously there this thing is huge
02:43 I did read through a summary of there
02:46 are 99 articles and I read a summary
02:49 someone like wrote a plain English
02:51 version of it I read the whole thing it
02:53 was it was tough to get through but I
02:56 did read the whole thing
02:57 at least the plain English version this
03:00 guy's version of it right I didn't read
03:02 the official version but it is big we
03:06 only have you know 30 minutes tops on
03:07 this podcast so yeah we're not gonna be
03:11 able to cover the ins and outs of
03:12 everything but I think we can kind of
03:13 give everyone a basic gist of kind of
03:16 the overview and how it affects them and
03:19 how it doesn't affect them which is
03:21 probably going to be most
03:23 of of this right I think a lot of this
03:25 is common sense yeah I feel like I
03:28 started to go through this I and first
03:30 off it's of massive undertaking and
03:34 almost kudos for pulling something like
03:36 this off and getting it passed through
03:38 and negotiating something that's large
03:40 you know it's kind of like props in
03:42 itself in this day and age right but
03:45 just just reading through some of these
03:47 things and I can understand why people
03:50 are so afraid and rapidweaver users are
03:53 getting so intimidated by it it's just
03:55 because it seems to be targeted at
03:58 companies that do data mining for a
04:00 living you know those companies that
04:02 aggregate and sulk user users and and
04:07 their personal information for profit
04:09 and I got to the point going through
04:12 some of these websites and some some of
04:14 these tutorials and comments on it and
04:17 just hit me that this isn't as scary
04:20 people building rapidweaver sites are
04:25 these businesses you know and I think
04:27 being compliant in a rabu oversight it
04:30 boils down to some pretty basic changes
04:35 that almost everybody can do I don't I
04:38 don't think it's as a as scary and it's
04:41 gonna be as challenging as a lot of
04:45 people kind of make it out to be sure I
04:47 mean reading through it it definitely
04:48 has a complete thing of like you know
04:52 politicians thinking they understand
04:54 technology and trying to write laws for
04:56 them um a little off topic but I read
04:59 this thing on github as on their on
05:01 their blog right now they just posted it
05:02 about a week ago how the EU is trying to
05:06 pass another law that requires platforms
05:09 to filter upload new content that
05:11 includes like so like forget hubs
05:13 perspective you know it would be github
05:15 x' responsibility to make sure that any
05:18 code that was uploaded was not
05:19 copyrighted and you know doesn't violate
05:22 somebody else's you know trademark or
05:25 copyright or any other thing that's just
05:26 ridiculous right now that obviously
05:29 that's more ridiculous than I think this
05:31 gdpr thing is but
05:35 on the flip side I so I've talked to a
05:37 lot of you know rapid uber customers
05:39 about this primarily ones from the UK
05:42 and Germany and whatnot so members of
05:45 the EU well at least currently
05:48 brexit and
05:51 a lot of this you know that a lot of
05:53 them are taking it kind of like how the
05:54 cookie law came out a few years ago and
05:58 how something like this and this really
06:01 is true is completely impossible to
06:05 manage from a new perspective right I
06:08 mean there is millions of websites
06:09 there's no way that they could they
06:11 could police this it really is
06:13 impossible so it's it's mostly just I
06:15 think this is just a guideline of you
06:18 know common practices that they they
06:20 feel that every business and website
06:22 should have for their end users but as
06:27 of right now it really is impossible
06:29 especially for people outside of the EU
06:31 for the EU governing bodies to regulate
06:35 it's just really impossible not just
06:37 saying that you shouldn't try to follow
06:38 it but I think the the threats the end
06:42 that the scare tactics that people are
06:44 falling for are just completely insane
06:48 yeah I I didn't do agree and what I'll
06:53 end up sharing in the show notes is
06:54 probably
06:56 I'll probably share one or two articles
06:58 that kind of like puts the tipping point
07:00 for me for just having a realization
07:03 that you know I don't even feel like I
07:06 fall in far violation of what they're
07:11 looking for us to accomplish mm-hmm and
07:13 I think you know I think I'll make the
07:15 changes because I want to be welcoming
07:19 to our EU friends so I'll make a few
07:21 changes to my website in particular my
07:24 contact forms just so you know I show
07:27 that in good faith that I'm doing these
07:29 things mm-hmm and I and we should go
07:33 into some of those details huh sure uh
07:35 how you want to tackle this huh are you
07:39 gonna make change into your website you
07:40 think um yeah I'll definitely make some
07:43 um you know some of the simple ones like
07:45 you know the contact form you can just
07:47 you know add a couple more fields to you
07:49 know regulate that I'll definitely take
07:52 a lot of this into perspective I'm not
07:55 I'm not how to present sure how far to
07:58 go with it yet um you know because I
08:01 integrate with things like PayPal so I
08:02 am I responsible for what PayPal does
08:05 and what data PayPal has you know and at
08:10 that point I'm kind of like you know
08:12 okay here you have to contact PayPal for
08:14 that stuff but you know stuff that I
08:16 came in and because it's like I'm
08:18 right you know I have on analytics like
08:20 Google Analytics or you know a peewit
08:21 get it okay yeah I'm not gonna be
08:25 responsible for their stuff they have
08:26 their own tools to do this they've been
08:28 working on yet porting this yeah so
08:31 well technically analytics doesn't log
08:32 any personal data that could be oh I
08:35 guess we're kind of jumping into it
08:36 right but um you know any data that can
08:39 be directly referenced to an exact
08:42 individual right but my point being is
08:45 that these companies these services
08:48 their responsibility my company my
08:51 services get responsible yeah yeah yeah
08:53 you know makes sense yeah but you know
08:57 you talked a little bit about contact
08:59 porn changes and that's probably the
09:01 first thing that I'm going to do
09:04 and
09:06 it seems to be as simple as a check
09:09 Spock a check box right that's all you
09:11 need to do
09:13 and it's required for the user to check
09:15 to authorize consent to you know collect
09:18 their information to follow up with them
09:20 yes well one thing is is it necessarily
09:23 so if you're not actually collecting and
09:25 storing that data that's in the contact
09:27 form right um is that actually required
09:31 like let's so if if that contact form
09:33 never actually gets submitted to into a
09:35 database let's say then does that do you
09:39 actually need that sort of consent
09:41 because if it's like just like a
09:42 customer support thing where someone's
09:43 email me I'm not storing their
09:45 information it's just a way for me to
09:47 reply back to them well I mean you kind
09:52 of are storing it right it goes into a
09:55 server you're it's in your inbox
09:57 somewhere right
09:58 I mean me I am a little different
10:00 because I am actually storing that into
10:02 a ticketing system yeah and that
10:04 ticketing system is something that I I
10:06 own and operate so in good faith I'm
10:09 gonna definitely do that and add a
10:11 little checkbox to my forms that say you
10:12 know I consent to having you know my
10:16 name is Ahmad rose just so that you know
10:18 when I'm following up for the rap
10:20 believer general who don't have that
10:22 kind of a database back in their website
10:29 on the safe side because you know if
10:33 you're running if you're sending it off
10:34 if you think of your inbox as a database
10:36 mm-hmm you know can they classify your
10:38 inbox of the database at that point
10:41 if at that point isn't it you know you
10:43 have to have a consent box for anyone to
10:45 send an email to anybody you know I
10:48 yeah yeah I understand where you're
10:50 going out I'm just playing trying to
10:51 play devil's advocate advocate here yeah
10:53 sure sure yeah so it's just I this this
10:58 one website that I brought up is I'm
11:02 gonna put in the show notes
11:03 it is the gdpr in plain English he kind
11:08 of broke it down into various sections
11:09 and the first section I thought was
11:11 really good it's like basically the
11:13 first section of gdpr is is who does
11:15 this apply to right so obvious this this
11:18 applies to EU citizens okay but also
11:21 applies to now the big question even I
11:25 had is well I'm not a member of the EU
11:26 so why do I have to follow this right
11:28 well the basic premise behind it is if
11:32 you're doing business with EU customers
11:34 um it's nice to do it on their behalf
11:37 right you know it's the it is basically
11:41 impossible for them to come after me
11:43 personally um because I am NOT in you
11:46 but it's it's basically like hey you
11:49 know I need to provide this as a
11:51 something that's nice to have for my EU
11:54 citizens that are customers right is
11:58 that kind of how you've you've you agree
12:01 with that yeah yeah yeah that's
12:03 definitely just you know being
12:04 progressive in full or thinking about
12:06 and definitely want to be
12:08 welcoming and and you know humble to
12:12 those those you know our customers in
12:15 the EU you know I don't want to turn
12:16 them off because I don't want to support
12:18 their language or their you know their
12:21 culture their in this case laws yeah so
12:25 and kind of what data does this apply to
12:28 um I you know I think we kind of cover
12:30 this is obviously databases but it's
12:32 like any sort of data a file or database
12:34 that contains any sort of identifying
12:37 way to identify a specific individual so
12:40 that is definitely a name and an email
12:43 address or an actual physical address or
12:46 you know things of that nature so any
12:47 way that you can identify a particular
12:50 person that is the type of data that
12:52 this is targeting right
12:55 correct correct so you know I was
12:59 thinking about this and you can
13:00 definitely do this check box approach
13:02 required check box approach on the built
13:05 in rap that we've performed contact form
13:08 you know I was thinking about oh I got
13:11 worried for a second making sure forms
13:13 plus support this I'm like yeah you
13:15 could do this in forms plus and then if
13:17 another a contact form that saved to a
13:20 database like forms Plus does and stuff
13:23 it gets a little tricky and that's when
13:26 that's when if somebody asks you hey you
13:29 know purge all the information about me
13:32 if you know you're using forms plus or
13:35 you using another contact form that
13:37 saves to a database you know that's when
13:39 you're gonna be required to go into the
13:40 database find all submissions from that
13:43 user and go in and delete them yes
13:45 now you don't it doesn't require that
13:47 you have an automated way to do that it
13:49 just says that you don't have to be able
13:51 to do that right so um you know again
13:54 with foundation form same thing you
13:56 could just add a checkbox to your form
13:57 you can Marcus so that checkbox is
13:59 required and if the user doesn't check
14:02 that box the form won't submit right so
14:05 you know can confirm nomination form
14:08 save to database yes okay sorry I'm I
14:12 ain't wasn't aware yep yeah I can save
14:15 to database
14:16 it doesn't do all the the auto database
14:18 management like forms plus does but if
14:20 you just create the forms and then just
14:22 map all the fields in database map
14:24 directly to individual you know form
14:26 items so every name of the column
14:28 matches the name of the in the field in
14:30 the form and you're good to go
14:32 cool cool not to get sidetracked yeah
14:36 exactly
14:38 okay so how do we implement gdb our I
14:41 think we talked about a little bit I'm
14:43 just kind of going through what this
14:45 article has and so the the link that I
14:49 want to share in this show notes is
14:50 actually a blog post from a wordpress
14:55 contact form plug-in and I thought it
15:00 was a great resource for this because
15:01 the outline the things that you need to
15:04 make changes for and you know going back
15:06 we talked about the checkbox the
15:08 required checkbox and that would cost
15:10 about the data based off you know how to
15:12 do that on that is definitely do it
15:15 manually you know most web hosts and
15:18 including chillydog have a tool called
15:21 phpMyAdmin which gives you a web-based
15:27 I to run my sequel queries on and you
15:32 know in the last episode we talked about
15:33 Mac apps we talked about sequel Pro
15:35 another great tool to search and use
15:38 your database remotely so in this ninja
15:42 forms you know
15:44 they go on to talk about that they talk
15:46 about a search and manage your database
15:48 like that and they talk about one other
15:51 thing that's very important as a privacy
15:53 policy and having
15:55 a good privacy policy will help kind of
15:59 solidify that
16:02 I actually have another link on the
16:04 privacy policy company that I use they
16:06 have a free version and they have
16:07 another paid version that's 27 dollars a
16:09 year per site but it's the nice thing is
16:13 that you can just click on the services
16:15 that you use like I have a contact form
16:18 of my site it collects your name it
16:20 collects your address it collects
16:21 telephone number whatever and it'll
16:25 build a nice-looking contact privacy
16:27 policy for that and you could just embed
16:29 that right into your site so I'll share
16:32 that with users is called cool not sure
16:34 how to pronounce it it's called them
16:37 I embed uh I am better you know I'll
16:42 share it it's pretty it's pretty cool so
16:45 that's it just going through this it's
16:48 just
16:51 seems I could have overwhelming amount
16:52 of stuff but it doesn't seem like it's
16:54 gonna be that terrible yeah obviously I
16:56 think in other parts of the bill
16:58 actually require that you know if you
16:59 are collecting data it's you know
17:01 encrypted so that means HTTPS right so
17:05 effectively this is recommending that
17:07 all websites are running on HTTPS which
17:10 you should be doing anyway
17:12 users right it's super easy to do either
17:15 you know go host with Greg or check out
17:17 CloudFlare hook that up to your host
17:19 makes it really simple to get HTTPS up
17:22 and running if you are on a host that is
17:24 gonna try to charge you for that um you
17:27 need to bail ship because HTTP should be
17:29 free everywhere okay so do not I hope
17:32 you are not paying for any sort of SSL
17:35 Certificates because I know some hosts
17:37 are still doing that and they're
17:38 probably trying to charge you an arm and
17:40 a leg
17:40 right yes yes they do yep yes if you are
17:44 storing data in a database make sure
17:46 that that data at rest is encrypted
17:48 I believe that's part of the GD P R as
17:50 well if you're using MySQL that is a
17:52 feature of MySQL as well well well one
17:56 thing on that that Jo is that data at
17:58 rest is really around the hip like HIPAA
18:01 compliance yes if you're not storing
18:04 HIPAA compliance or in are storing
18:06 credit card information or anything like
18:09 that then you're probably okay okay so
18:12 you don't really have to worry about
18:14 being are storing like health
18:15 information you're storing if you're
18:18 doing credit card stuff I hope you're
18:19 using a payment processor that's PCI
18:22 compliant like stripe and PayPal and yep
18:25 not believe users aren't stupid I'm
18:27 storing credit cards like that on a
18:28 shared host you're doing that kind of
18:33 stuff would be very very strongly
18:37 discourage it
18:38 sure shared hosting environment storing
18:39 mr. cust oh another part with collecting
18:42 data is I believe you have to actually
18:43 track where you received that data from
18:46 so you have to know you have to be able
18:48 to prove you know um where you got that
18:51 consent where the user actually
18:53 subscribed to your list or where they
18:55 you know sent that is a lot of if you
18:56 only have a single contact form on your
18:58 website that's probably to be really
18:59 easy but you know there are ways to do
19:02 that like for example I
19:04 my post-office stack that integrates
19:06 with Greg's email service and I'm gonna
19:09 be shipping on an update that will
19:10 actually send and submit along with the
19:13 correct with the request the exact
19:16 location in a URL from where that was
19:19 submitted right so um definitely
19:22 possible yeah so you know just know you
19:26 have to be able to prove where that you
19:28 know submission came from again it's
19:29 gonna be really easy if you only have
19:30 one contact form on your page or
19:32 something like that you can prove that
19:34 pretty darn easily but if you are
19:36 worried about that then that's a
19:38 solution you know thanks Joe we just
19:40 talked to put that the other day so I
19:41 appreciate that yeah um it's not just
19:44 the location I should I should mention
19:45 is also the users location not just the
19:48 web location of where the contact form
19:50 was so you know if you're putting in a
19:53 contact form you need the visitors IP
19:56 address yes likely so that they they can
20:00 verify that and you know that you
20:02 started talking about newsletters you
20:04 should definitely reach out most you
20:08 know
20:08 providers have probably already ahead of
20:09 the game on this mail you could use
20:11 MailChimp or or madman gimme one view
20:14 chili dog
20:15 yep it's all supported already and if
20:18 you're unsure definitely reach out
20:20 because you have a bow
20:25 a half or so before the slobby this law
20:27 goes into effect right yep exactly
20:30 yeah awesome
20:33 what else do you think about
20:37 you think it's I think it's gonna have
20:38 teeth III think you know it's just
20:42 because you know the deadline is coming
20:44 up and people are stressing out about it
20:46 that but in the long run it'll just kind
20:50 of like be like the cookie law where
20:52 people are just is just gonna be it's
20:55 just gonna be there right we'll have you
20:57 know form options for us to to add to
21:00 our forms and people will just forget
21:02 about it you know you know just like the
21:05 cookie law yeah people put the little
21:06 banners up on their website it just
21:08 becomes a new thing right we're now we
21:11 just have an extra text checkbox on our
21:13 forms so to consent
21:15 right so we get adblock will be a cookie
21:18 law block and I'm gonna have all these
21:21 notices to block when you on your pages
21:23 yeah yeah
21:25 so I guess my
21:28 I guess my summary is
21:31 privacy policy
21:35 ad
21:36 send check box that's required under
21:38 contact forms if you're saving things to
21:42 a database make sure you know how to go
21:45 into that database manually it's you
21:49 know if it's not if it I don't imagine
21:50 this is something that's gonna happen
21:51 often so automating something that's not
21:53 gonna happen very often doesn't really
21:55 make sense mm-hmm
21:56 you don't do it do it when it becomes a
21:58 problem I philosophy so make sure you
22:02 can go into the database and search for
22:03 all users that request it and you know
22:06 make sure you know how to delete them
22:09 and you know get back to your running
22:11 your business and and you know making
22:14 making websites exactly yeah yeah I
22:18 think you summed it up nicely um not
22:20 really much else to say I I think we
22:22 covered everything I don't think we've
22:24 uh we've really left much out that
22:26 there's a bunch of other boring parts of
22:27 the law that really don't pertain to us
22:29 like you know you know what the
22:32 governing bodies need to do to you know
22:34 make sure that all this happens and and
22:37 you know each represented each country
22:39 in the EU has its own representative for
22:41 it and so on and so forth but yeah it's
22:44 all boring stuff
22:47 yeah gdpr it's it's kind of common
22:49 common sense mostly stuff that a lot of
22:51 us were doing anyway or we were going to
22:53 be doing anyway right HTTP making sure
22:56 that you know we're not giving out our
22:58 customer data everybody like some world
23:02 wide apps are doing right now yes they
23:10 are cool hopefully hopefully no
23:15 hopefully my previews are a little less
23:17 scared a little a little more
23:20 comfortable with what they're doing
23:21 yep cool well I don't want to bore
23:23 anyone else again with this podcast so
23:27 we are done with gdpr
23:28 where our next podcast is gonna be
23:30 exciting it's gonna be about images and
23:32 we got other ones coming up so if you
23:35 have any questions about this podcaster
23:37 and the others send us an email at
23:39 feedback at rapidweaver I'm sorry
23:41 feedback at Weaver radio.com that is
23:46 feedback at Weaver radio calm again you
23:49 can also post questions on our space
23:51 over at Weaver space and yeah thanks
23:55 Greg to get a hold out to get ahold of
23:57 us our hold of us I am at Joe workman on
24:00 Twitter I'm on Weaver space and Greg you
24:04 are I am on Twitter and chillydog host I
24:09 am on Weaver space and of course the
24:12 forums at bar chart Pete my last name so
24:15 you know hit me up ask me questions send
24:17 us and send us that email and look
24:20 forward to hearing for everybody cool
24:22 thing 5 star reviews on iTunes everybody
24:24 we will see you next week bye later
24:30 "}]