GDPR Platform (High Level)

So what will happen when I release the high level core platform?

All hell.

It has the implementations of all the Microsoft platforms, every CRM platform (generic, real estate, etc). And all your lovely marketing platforms that you so love dearly (and don’t know do shit that is so not #privacy oriented).

The beans will be spilled if/when the higher level platform is released. California and EU lawyers will rejoice.


The GDPR.Common github is the basis for your privacy journey. Examples of how to use this is defined in the SDK. It gives you the ability to do the push/pull models through encrypted messages to your Event Hubs.

The Controller is the abstract web interface that you would implement to accept request from your core #privacy platform over the PGP secured messages.

You can find the source here :

GDPR.Common – How to use it.

Implementing Privacy in your applications is easy. You don’t need to spend a ton of money on outside platforms to do it. I have made the GDPR core public on GitHub. This post will help you understand how to use it (a little bit anyway).

The main core platform I have not release yet to the public, but the lower layer I have and that’s what this post is about.

In order to implement GDPR, you must implement the interface I have defined and when I mean implement, I mean implement every interface for every application you have. This will take 2-3 days as an expert (me), 7-14 days as a great coder, 4 weeks as a good coder FOR EACH APPLICATION YOU HAVE.

The core is based on an application implementing certain interfaces. An abstract class *GDPR.Applications.GDPRApplicationBase* gives you the starting point for this. It implements the GDPRApplicationCore and IGDPRDataSubjectActions. The IGDPRDataSubjectActions (based on my Data Subject Action pattern definition) is the minimal amount of actions you must implement in order for your application to be FULLY GDPR/Privacy compliant.

It has the following methods:

void ProcessRequest(BaseApplicationMessage message, EncryptionContext ctx);
void ValidateSubject(GDPRSubject subject);
void AnonymizeRecord(Record r);
void AnonymizeSubject(GDPRSubject subject);
List GetAllRecords(GDPRSubject subject);
List SubjectSearch(GDPRSubject search);
void SubjectNotify(GDPRSubject subject);
bool SubjectCreateIn(GDPRSubject subject);
bool SubjectCreateOut(GDPRSubject subject);
RecordCollection SubjectDeleteIn(GDPRSubject subject);
bool SubjectDeleteOut(GDPRSubject subject);
bool SubjectUpdateIn(GDPRSubject subject);
bool SubjectUpdateOut(GDPRSubject subject);
bool SubjectHoldIn(GDPRSubject subject);
bool SubjectHoldOut(GDPRSubject subject);
bool RecordCreateIn(Record r);
bool RecordCreateOut(Record r);
bool RecordDeleteIn(Record r);
bool RecordDeleteOut(Record r);
void RecordHold(Record r);
bool RecordUpdateIn(Record old, Record update);
bool RecordUpdateOut(Record r);
List GetAllSubjects(int skip, int count, DateTime? changeDate);
List GetChanges(DateTime changeDate);
ExportInfo ExportData(List records);
ExportInfo ExportData(string applicationSubjectId);
ExportInfo ExportData(string applicationSubjectId, GDPRSubject s);
void Discover();
bool Consent(string applicationSubjectId);
bool Consent(string applicationSubjectId, List types);
bool Consent(GDPRSubject subject);
bool Consent(GDPRSubject subject, List types);
bool Unconsent(string applicationSubjectId);
bool Unconsent(string applicationSubjectId, List types);
bool Unconsent(GDPRSubject subject);
bool Unconsent(GDPRSubject subject, List types);
bool GetConsentTypes();
bool PhoneNormalization();
bool GetSubjectConsents(GDPRSubject subject);

You MUST implement all of those methods for EVERY APPLICATION in order to be privacy compliant.

Many CRMs do NOT allow you to do all of these. Many Microsoft platforms DO NOT allow you to do all of these through “public” apis. Only hidden ones can you get to 100% compliance.

There is NOT A SINGLE COMPANY ON THE PLANET that has implemented this for their corporate-wide organization. Every lawyer on the planet can sue and win if your application developers did not follow the above pattern.

Automating GDPR Request for Microsoft Dynamics

And just like Office 365, On-Premises SharePoint and any other application that has a Privacy Central application stub sitting in front of it, you can also automate your Microsoft Dynamics privacy requests.

Check out the video here:

Privacy Central – Privacy Score – What is it?

Not all applications or companies will take advantage of the new Privacy Platform. Reasons being they may be large social media companies such as Facebook (et all), Google (et all), Apple, Microsoft…etc.

Why? Because they implement something on their own. Its their best try at giving you something to appease the regulators in Europe, California or wherever else you may have regulations.

Ok, good to know they can’t use the platform so what’s the point?

The SaaS platform,, allows for what are called “Redirect Applications”. These are applications that will redirect to the companies data request form or link. These links are usually hidden or only visible as a logged in user. These are the applications we are targeted for Privacy Scores. Although, there are some instances such as SalesForce, Dynamics, etc that will also get a privacy score.

What is the Privacy Score? It is a proprietary set of evaluation points (over 75+) that evaluate a company or a specific company’s application to tell you how safe it is. The specifics of the score are a close secret, but a couple things I can share is that some of the points are evaluated on the privacy policy and the terms of usage.

The goal is to add 2-3 Privacy Scores every week and post them to the PrivacyInc twitter handle along with the score to the SaaS platform. Eventually all major applications will be scored you will have a full view as to what applications are safe, and which ones are incredibly lacking.

You can get a view of the current set of scores here. Notice Instagram is the worst application you could possible utilize. And to think of all the children that are using that thing…not good.

Automating GDPR for On-Premises SharePoint

Yes, you can do it! Utilizing the Privacy Central privacy platform and its application stub framework, you can seamlessly operationalize your privacy requests for on-premises applications like SharePoint or any homegrown application.

Check out the video here:

Automating GDPR for Office 365

Yes, you can do it. Utilizing the Privacy Central privacy platform and its application stub framework, you can seamlessly operationalize your privacy requests for Office 365 and any other SaaS or homegrown application.

Check out the video here:

My Symphony

My name is Chris. This…is my 40-year symphony. It is choreographed to “Chopin”, and only “the best of”. So start this before you read on!

I, just like you, have 20+ years of hard work and ‘potential’.

We have startups galore under our belts.

And oh so many years of “keeping up” with the technology (for all you MCTs).

Let downs.

Beat downs.

Stock market disappointments



The dreaded, mid-life crisis.


We entirely…on our accord…”own” this “disappointing” world of ours.

Just like you, we are smart.

We know what the world wants.

We get it.

We know things before others do, yet we fail to act.

We lack the experience, yet we have…the “know-how”.

Some of you. Entire-ly possess it.

Call it…”courage”, if you will.

Yet….will you be one?

Will you, can you?

Take the risk?

We put in days. Months. Years.

Our entire life-force is put into something.

Something others may or may not ever appreciate. Or even know existed.


Creations that change the very fabric of reality. Of humanity?

Of us? Or of we?




From these.

“we” create.

Good for some, evil for others.

We create.

Things that people never thought could ever exist.

Paths, not evolved until we showed the way.

So, I present…my symphony.

Based on privacy. Built on honor.

Done for the greater good.

May we preserve our dignity and rights, as Martin Luther King envisioned for all humans and guided by the musical greatness and creativity of “Chopin”.

May we all enjoy what I consider to be…

My life’s work….

I look forward to all the things that evolve from it as it is now presented to the human race.

My Friend Tom Castiglia

It all started in Los Angeles for TechEd 2010.

After moving from Seattle with a big friend base, we found ourselves starting all over again. It didn’t take us long, but eventually we found intelligence gold! A very knowledgeable individual was doing a deep dive presentation on Windows Workflow Foundation. I was quite impressed and made it a point to strike up a conversation. Little did I know would this person, Zoiner Tejada, would eventually end up being one of my best friends, but also introducing me to his boss at the time, Tom Castiglia, co-owner of Hershey Technologies.

Hershey had a competitive product to SharePoint and Zoiner thought it a good idea to do a review of features between the two. I ended up meeting Tom and chatting for a few hours about the feature gaps between the two and if they should continue development. I was impressed with Tom’s quick acumen to pick up what I was saying…in typical Tom fashion:


Being that I had just left an incredible user group in Seattle (Puget Sound User Group) I was looking for something similar in San Diego. We had one, but it wasn’t doing what I felt it needed to do at the time, so I created I was lucky enough to have my friend Kevin Landry offer his facilities at New Horizons Miramar and after the first couple of meetings, Tom started attending. He offered up to be a sponsor and eventually became my founding member and vice president. As it started to grow, Galen and Tony came into the picture and joined our board.

Tom Castiglia and our first year of

Little did I know that these friendships would evolve into something magical. SharePoint Saturday’s were still in there beginnings back then and were on the upswing. I decided to pursue our first SPSSAN and we went big. I was able to call in a lot of personal favors and we had an amazing budget that allowed us to host it at the San Diego convention center.

If you run a user group or a SPS, you know how much work it is. After the first couple and $20K of my own money into it I decided to pass on the reins and Tom gladly accepted the role as President. He did an amazing job with the group and eventually convinced Microsoft to host us at the La Jolla office. And that’s where the lovely Sal Rosales came into the picture. He has been our sponsor and biggest fan. Through the years we were able to create incredible presentations and invite speakers from all over the world. Our user group and our events are, in my opinion, second to none. I believe that to be true due to the incredible bond we all have with each other.

It was always nice to go out afterwards and have a beer…that was definitely Tom’s favorite. He loved to go to Brewski’s Bar & Arcade. We’d all meet and talk about our month and what we were working on, do a little gossip of the what’s happening around town, they were insightful chats. In many cases, raw, unfiltered and full of trust.

As we worked more and more with the user group, I came to appreciate Tom’s hard work and dedication. It was at this time I was approached by eBay/PayPal to look at performing their SharePoint migration. I knew that it would be a big project and I’d need help. I approached Tom and he gladly accepted the challenge and trusted my estimate of the work. Hershey and I was able to complete the project successfully and within $5K of my original estimate.

It was quite the project and Tom and I talked almost every day for 4 months and we had a blast running around San Jose and San Francisco together. After we finished the project, we continued our user group activities and then Tom and his wife would join me on all my SharePoint conference adventures. eBay was featured that year as a reference customer and we had the Microsoft video crew out to eBay to film all our hard work.

As the years went by, Tom made a global name for himself and took advantage of every opportunity. I watched him from a far and we talked about a lot of stuff (selling Hershey, hiring Joel, leaving Konica and doing his own thing….). We trusted each other and he was a good friend that had his opinions on things but always accepted my crazy odd-ballness over the years. He was a true friend in every sense.

I’d have parties at my house, he and Martha was at every one. He had parties and we would go over and we had a blast!

Just last year I made it a point to get out of the country more. I was able to join Joel and Paul for China; Sheila and I went to Singapore. But more importantly, we also were able to make it down to Cuba. Running around Havana with Tom and Martha was a once in a lifetime experience and I’m happy that we got to have it with them.

Since the original crew started (Tom, Galen, Tony, etc), we have only grown our family here in San Diego. We now have Joel and David, and Ryan. Ryan has been generous enough to step in to take over the San Diego user group reins. With Tom no longer here, Ryan’s help is even more needed to keep things going as we all have so many things going on.

It’s hard to come to terms with the fact I won’t get to see him again. It’s also tough to know that he had such a exponential curve going for him; business, career and life-wise. He had big plans, and although the road was slow going, he kept at it. Everyday.

Knowing that this didn’t have to happen and could have been prevented is one of the tougher parts to deal with. We can only focus on the “butterfly flaps its wings” purpose of it happening and how we’ll change ourselves to honor his memory. I’m by no means the person Tom was, but he gave me a template and something to work towards. It’s the best way I can honor his memory till it’s my time one day.

It’s inevitable that people will come and go in your life, some will be more influential than others. For Tom, he leaves a hole in our local and global community that can’t be filled by any one person. It will take a little bit of everyone to help fill that gap. Tom represented Satya’s and Microsoft’s vision of empathy and caring. The world could use more Tom’s, not less. I encourage you (and even more-so myself), to try to be like Tom.

Miss you brother. Love.

If you have a story or pictures that you’d like to share about Tom, please post them to the memorial site we setup in his honor:

Microsoft SharePoint Conference 2019

Another year, another conference! Microsoft and SharePoint has evolved immensely in the past 20 years. For those of us that have been around that long (inside and outside Microsoft, and those that were outside and are now inside), watching it grow with the industry and web technologies has been exciting and at times maybe not so much.

Probably the most interesting thing to watch has been seeing the community evolve. Just like the stock market, it comes and goes in cycles. Newbies come in, experts go out. Some strike it rich, others not so much. Entire ecosystems were built from SharePoint; companies were created, companies died.

So where do we reside today? From someone that has been around a while (yeah, there are a few left standing that have been around much longer), I see a new cycle starting. Lots of fresh newbies have arrived with energy and fresh ideas (well kinda, its hard to not think of something that someone hasn’t tried, but nice to watch someone attempt it again even if it may not go anywhere). I have always promoted finding super smart new speakers to fill the conference pool and now I find myself working for Solliance which has been a long time conference participant in conferences like DevIntersection, Azure AI, AngleBrackets and a few others. As part of that my voice is a bit bigger given all the time and energy I contribute (yes, I do most of this work for free as part of my contributing back to the community).

Running a conference is a lot of work. More than you could imagine. SharePoint Saturday’s are one thing, a full blown conference with 5000+ attendees and demanding speakers and conference owner(s) can drive any person a bit crazy at times (next time you see Lyman, you should buy him a a nice stiff drink).

This year has been a bit different from the logistics side as we have moved to the new Hubb platform for speaker and session management. This presents some interesting challenges as we have to sync the data from the Hubb to the Solliance backend. As a PowerShell master, I was able to take from the many millions lines of PowerShell I have laying around and easily build a sync layer (multi layers of auth, two different web technologies). This layer works great as a point to point sync, but as you start to add new rules and requirements such as:

  • Only speakers that have accepted and signed
  • Session must be approved
  • Only community ones should be published
  • Titles change with no static session codes
  • etc etc etc

As you can imagine and may have noticed once or twice, not a simple or well oiled machine starting out. However, things have converged and its working well now. Unfortunately, the back-end needed some work as we were not utilizing the awesome new “slot” technology of Azure Web Apps nor were we fully utilizing the CD/CI of AzureDev ops. And let’s just say there wasn’t really a naming convention implemented so managing the Azure resources was a real pain in the a$$. That has since been resolved and all of the Git repos are tied to build and release in AzureDev ops that then push to our staging slots. From there our release manager can then switch the production and stage slots for instant deployment. I am thoroughly enjoying not having to manage any of this now…automation is beautiful.

In addition to all the above, I have been busy running through security and testing of our GDPR\AB375\PIPEDA platform (which is the topic of my SPC19 session). Building a platform makes you realize just how much people don’t know about GDPR technical implementations. It is by far the best content I have ever produced and I guarantee you will learn things that the EU or CA lawyers never would be able to tell you.

Looking forward to seeing you at SPC19 in May! Register here for $50 off registration.