Everything posted by heldercervantes

  1. It doesn't necessarily have to be an expensive thing. Most small businesses' websites don't require personal information from their users. Right now I'm looking at a list of 20 sites I built last year and only 3 or 4 store users' emails. No biggie there. Look at these guys' contact page and the privacy policy they have. It's a great reference for most cases. Now if you do store data, you'll have to be careful. I don't want to have something in the privacy policy like they have: "This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). Pseudonymisation, meaning that the personal data can no longer be attributed to a specific user without the use of additional, separately stored information (key), is a requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to implement it on our website as soon as we are able to."
  2. By the way, has anyone seen a website that already takes steps to comply with this? I'm seeing a page for a webinar on the subject with a registration form and no consent warning or even privacy policy link anywhere. I'm clicking Google ads for companies selling consulting services that don't seem to have anything in place either.
  3. Yes, but... As a web developer that's hired to build a website and hand over the key, we can only answer for the job we did then. Unless we're hired to keep an eye on the site and keep it secure over time. This will eventually create new business opportunities for us and others. Already I'm reconsidering projects I'm working on and negotiating. I'm also looking at my previous projects to see which will need what, and of course those will need updating. Security companies will start selling this service, and probably hiring guns in the black market to poke people's websites and spread fear. I'm guessing even lawyers can start selling advice on what a site needs to ensure. At some point they need to register, and at that point your visitor will have to check that acceptance box. Once that's done they're considered informed and you shouldn't need to ask for acceptance again. In an extreme scenario, that could even be the first step of the form. "You're about to enter a form that requires personal data. Before proceeding please read our privacy policy." I don't think it necessarily needs to be a checkbox, as long as it's absolutely clear. You just have to make sure your visitor is warned and is presented an opportunity to read the terms before any of their data is submitted.
  4. That's the whole point of this thread. I don't think there necessarily needs to be a plugin for outputting legal stuff. Considering the basic contact form, there should be a privacy policy page somewhere that describes what happens to the data, and we have some guidance for writing that up here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en. But that's our clients' responsibility, not ours. Of course, this will vary greatly from site to site. It's not the same as the cookie consent message. The company has to describe exactly what they will do with the information and how long they'll keep it. We should also add the "I accept the terms of this site's privacy policy" checkbox on any forms that ask for private data, and the words "privacy policy" linking to the page where it's all described. There shouldn't be a problem stating that the form submits the data to our email for appropriate response, that no data is stored permanently on our servers, and should you require the right to be forgotten, please submit your request to the email xxx. This and all the rest that's stated in the link above. But so far this isn't more than a disclaimer and examples will start popping up everywhere on the web in no time. What worries me more is when the data stays in our PW. If the server is hacked and info is leaked, there can be an investigation that will evaluate how careful we were with the way we've built the site. They mention database encryption, security by design, and keeping the data for the least possible time. For me this is where one or two new modules may come in handy. Not keeping the CMS updated can theoretically burn someone. Example: We have a jobs form that stores a user's CV. In a year that CV will be outdated and would serve no use. A module that automatically manages that content's (page) date of expiration and deletion could be useful. Another example: A site that has a private area that a user can register to gain access to. After X months without logging in, the data is deleted. Maybe even notify the person that it will happen unless they log in before day X. Doesn't sound too complex to do. Now, security by design... I'm clueless. I saw a mention of stuff like scattering personal data in more than one DB and only by comparing a blind ID you can tie the info together. I can see the coolness, but can't see it as something viable for smallish sites.
  5. It's aimed at protecting EU citizens' privacy and therefore I don't know if you'd be able to take a dispute to court. Yesterday I read somewhere that there was the worry that storing info on the cloud could mean that it's not in a server within the EU jurisdiction. I bet this will mean companies like Google and Facebook are forced to have European users' data in a European datacenter and comply with these rules.
  6. It seems it does and doesn't. Basically any and all personal information, including something as simple as someone's name and email is a potential liability. So imagine you have a contact form, and just to be safe that form doesn't generate an email with all the info, but only a notification. You then log in to PW, see someone asking for an estimate, and how do you contact that person? Send an email and set a reminder to delete the Word document with the proposal and the email from the sent folder in case that person rejects the proposal or doesn't answer in 2 weeks? I'm seeing articles saying that internal emails are now a dangerous thing. Companies have to set up policies for managing information that safeguards it from a hacked email account, a stolen laptop or even a lost notebook. Imagine that, someone giving you their info over the phone, you write it down, the note gets lost and you're in court. Of course this is all hype aimed at getting Snapchat in the corporate world.
  7. Hey community! Anybody worried about the new regulation? From May 25th on, we better start complying, otherwise there's an "up to 4% of the year's turnover or 20 Million euro fine, whichever greatest" hanging over our heads. Most of my projects don't store any data and the forms only submit to email. I can't find any information regarding this scenario, but I'm guessing we'll need to add disclaimers in a privacy policy that clearly answers these questions: https://goo.gl/iczesa, and a checkbox for accepting the terms. I'm curious though about how something like privacy by design could be implemented in PW. Looks like it's time to send proposals to all our previous clients.
  8. Well spotted @DaveP, hovering the "Português" link on the top right points to http://assembleia.pt/http404/. I'd try updating or reinstalling the language modules.
  9. Also this could help: http://processwire.com/docs/tutorials/troubleshooting-guide/page3
  10. It could be related to the environment. Check the thread above. On one of my more recent sites I had to switch the PHP version on my cPanel to a newer version.
  11. Looks like we can speak Portuguese. Are you getting that .htaccess from an installation of the PW version you're upgrading to? Look here: https://github.com/processwire/processwire/tree/dev
  12. Sounds like a problem with .htaccess. Check that you have it there and maybe it needs updating too.
  13. Well said. I've used it on my last project and was blown away by the results. Images turn out looking much better than with GD as well, without all that color banding crap.
  14. I hear you Rick. And the menu font is a bit too slim for my taste as well, but I just code on this one. Wouldn't mind dining there tonight myself.
  15. If you've seen Verride Hotel, you've seen this layout before: http://restaurantecriatura.pt/en/ This is one of the restaurants in Verride Hotel in Lisbon. It uses the same base layout for the master site, with some new stuff here and there. Both opened doors this week so you can start making your reservations.
  16. You're generating the variations with the API on the frontend, right? This sounds like a memory limit thing. I've had sites crash when they got a bunch of really big images added to a page. Access that page after and the processing time is clearly noticeable. On extreme cases I got a timeout, but refreshed the page and since most variations were already generated from the previous attempt, the second try goes through. This may help: https://processwire.com/blog/posts/processwire-3.0.63-adds-client-side-image-resizing/
  17. I've never really built a progressive web app, so this answer may be silly. Not having experience with them, I only know the basics, and am not aware of the best practices. Disclaimer out of the way, ProcessWire's best feature is the flexibility of what you can make with it. I've made web-apps that mimic the look and feel of an actual app, and I've made single-page web applications that load content through Ajax calls. You can very easily set up a page template that grabs content of the POST variables, does its thing and outputs whatever you want, be it JSON, XML or just a chunk of HTML to feed into a <DIV>. If your frontend is able to read that output and display it, you're good to go.
  18. Wouldn't mind having a go at that. Just for a weekend.
  19. Oh how I love my country. Just came home from a night out with the wife, a nice dinner followed by a glass of Macallan on a terrace. A jacket and scarf with just a shirt underneath is enough. Got home, all the heating we have is a couple of cats and a gas heater for when it's really cold (by our standards), which is turned off, but temperature is perfectly fine. This while the US is going through an ice age and people are getting blown away by the wind in the Netherlands. And after I click "Submit Reply", I'm going to change into a t-shirt, fill up a hot water bottle and go to bed, feeling blessed.
  20. Like @Klenkes said. I'm usually quite strict about template relationships and establish them both ways. After that when you try to move a page out of where it's supposed to be, PW complains.
  21. I may be wrongly interpreting this as a quite specific need, but I'd make this feature a module. I've never needed something like this but who knows, maybe one day. So it makes sense to me to keep this out of the core, and something we could add as a module when we need it.
  22. I usually go by @rafaoski's approach. I first go to http://www.favicomatic.com/, upload a 500x500 image to generate a full icon pack. Then I place the icons in their own folder inside the templates folder. Usually /site/templates/img/favicon/. Favicomatic gives you a rather large HTML snippet. Slap that on your template, and on each line that points to a file, you'll have to fix the url, like so: <link rel="icon" type="image/x-icon" href="<?= $config->urls->templates ?>img/favicon/favicon.ico">