1. What is GDPR?
GDPR stands for General Data Protection Regulation; read more about it on the official site. In short, under GDPR a user must be asked for consent before his or her personal data is collected and must be able to view and edit the data he or she has submitted. The site owner (controller/processor), for its part, must protect user data and, if it is breached, inform the affected users and the relevant authorities in a timely manner. That's the gist of it. If you handle EU customers, this regulation applies to you too, even if your business is not based in the EU.
2. What does GDPR compliance require?
Access to information
Users should be able to view the information collected from them or submitted by them on your site.
Edit/port their data
Give options to users to modify or remove their submitted personal information.
3. Our software & IT
PHP 7: Joomla CMS, plus a blog on Google's Blogger (Blogspot)
Banner/link ads and social network sharing: Google Analytics (data kept 50 months), Google Manager, Google Maps, Google AdSense, VigLink, AddThis, Blogger (Blogspot)
Panel admin: Plesk
Social login via API: Facebook, LinkedIn, Microsoft, Google+, Twitter
CDN: Cloudflare (United States)
Server: OVH VPS hosting (France)
Bot Messenger: crisp.chat - contract signed.
Third-party video hosting: Dailymotion (France), YouTube (United States)
4. Protection measures
- Two-factor authentication on third-party services: Google, Yubikey, email
- Domain name signed with DNSSEC
- IP blocking against abusive brute-force attempts
- Cloudflare SSL: COMODO ECC certificate (A+ rating guaranteed on the SSLLabs.com scan)