Protecting Personal Data with Django (because it's the law)

Will Hardy

A new EU regulation comes into effect in the middle of this conference. Here is an overview of what is required and how you can use Django to comply.

From 25 May 2018, anyone collecting personal data on European Union residents will have to follow a number of new rules, some of which are pretty far-reaching. The new rules are, however, simple enough to understand, and as professionals, getting on top of things like this is what we're being paid for.

The regulation is called "Regulation (EU) 2016/679" and is commonly known as the "General Data Protection Regulation" or "GDPR". It has been around for a couple of years and comes into effect now. The previous regime (95/46/EC) was only an EU Directive, so the exact rules were implemented in the native laws of each EU Member State. The new regulation applies everywhere automatically, so it is a single set of rules for all of Europe, which is a good thing. Not everyone will be responsible for managing compliance, but I think every professional software developer should get to know this regulation.

In the first half, I'll provide an overview of the parts of the regulation that are relevant for developers. In the second half, I'll look at the ways of complying using Django: what Django already does for you, how to make Django do more, and also (quickly) what sort of data-protecting batteries might be useful for Django to include going forward.

I'll be around for the sprints if anyone is interested in working on this at a framework level.