Privacy module
Customer data Bundled: DX Core
Edition |
DX Core |
License |
|
Issues |
|
Maven site |
|
Latest |
2.0 |
The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).
Module structure
| artifactID | Description |
|---|---|
|
Parent reactor. |
|
Provides the API for GDPR-related operations. |
|
Provides a privacy-aware form component. |
|
Provides:
|
|
Provides usage examples of the above modules. |
|
Provides the cookie API. |
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-cookie-manager</artifactId>
<version>2.0</version> (1)
</dependency>| 1 | Should you need to specify the module version, do it using <version>. |
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-visitor-manager</artifactId>
<version>2.0</version> (1)
</dependency>| 1 | Should you need to specify the module version, do it using <version>. |
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-ui</artifactId>
<version>2.0</version> (1)
</dependency>| 1 | Should you need to specify the module version, do it using <version>. |
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-sample</artifactId>
<version>2.0</version> (1)
</dependency>| 1 | Should you need to specify the module version, do it using <version>. |
Configuration
The configuration of the Privacy module is done in the
privacy-visitor-manager submodule, which allows you to define the
following:
-
Groups of personal fields that are used as database field names (JCR properties in case of the JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.
-
Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.
-
Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.
Personal fields
Personal field groups are configured under
/visitor-manager/config/personalFields, see an example hierarchy
below.
A content app processing GDPR-sensitive data, or an editor working with such an app, is able to process the data only if the visitor has given consent.
A visitor must give consent for the whole group, such as name or
addressOne in the example below.
Example field hierarchy
Visitor references searchers
The searchers are defined under
/visitor-manager/config/visitorReferencesSearchers. Magnolia provides
searcher configurations out-of-the-box for:
-
JCR Searcher
-
IBM Watson Reference Searcher
In the following example, the contact and visitors workspaces are
registered to be able to process GDPR-sensitive data in the
JcrVisitorReferencesSearcher:
| Property | Description | ||
|---|---|---|---|
|
|||
|
required The class implementing the searcher. The following searcher implementations are provided by Magnolia:
|
||
|
|||
|
required Name of the workspace registered to process GDPR-sensitive data.
|
Filtering JCR references for export
| This feature is relevant only to JCR. We don’t provide any filtering for Watson. |
Under the excludedNames node of the /visitor-manager/commands
configuration subtree, you can list the properties that should not be
included in a GDPR report. GDPR reports typically show all
visitor-related data and data categories stored and processed for the
purposes of GDPR.
The following example shows an exclusion configuration implementing the
info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class:
| Node | Description |
|---|---|
|
|
|
required The class implementing the export function. Magnolia provides the following implementation classes out-of-the-box:
|
|
|
|
|
|
required Must implement the
|
|
|
|
optional The name of the property to be excluded from appearing in a GDPR report file. |