Privacy module

Edition: DX Core
License: MLA
Issues: MGNLPRIV
Maven site: Privacy
Latest: 2.0

The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).

Module structure

| artifactID | Description |
|---|---|
| magnolia-privacy | Parent reactor. |
| magnolia-privacy-visitor-manager | |
| magnolia-privacy-form | Provides a privacy-aware form component. |
| magnolia-privacy-ui | Provides a privacy-aware sub app, the Visitors app and related actions such as the Update consent action, and the Cookies app. |
| magnolia-privacy-sample | Provides usage examples of the above modules. |
| magnolia-privacy-cookie-manager | Provides the cookie API. |

<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-cookie-manager</artifactId>
  <version>2.0</version>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-visitor-manager</artifactId>
  <version>2.0</version>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-ui</artifactId>
  <version>2.0</version>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-sample</artifactId>
  <version>2.0</version>
</dependency>

Configuration

You configure the Privacy module in the privacy-visitor-manager submodule, where you can define the following:

  • Groups of personal fields that are used as database field names (JCR properties in the case of a JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.

  • Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.

  • Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.

Personal fields

Personal field groups are configured under /visitor-manager/config/personalFields. See the example hierarchy below.

A content app processing GDPR-sensitive data, or an editor working with such an app, can process the data only if the visitor has given consent.

A visitor must give consent for the whole group, such as name or addressOne in the example below.

[Image: Example field hierarchy]

Visitor references searchers

The searchers are defined under /visitor-manager/config/visitorReferencesSearchers. Magnolia provides searcher configurations out-of-the-box for:

  • JCR Searcher

  • IBM Watson Reference Searcher

In the following example, the contact and visitors workspaces are registered to be able to process GDPR-sensitive data in the JcrVisitorReferencesSearcher:

[Image: visitorReferencesSearchers configuration with the contact and visitors workspaces]

| Property | Description |
|---|---|
| <searcher-name> | |
| class | required. The class implementing the searcher. The following searcher implementations are provided by Magnolia: info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher and info.magnolia.extforms.consent.WatsonReferencesSearcher. |
| workspaces | |
| <workspace-name> | required. Name of the workspace registered to process GDPR-sensitive data. The workspaces are specific only to the JcrVisitorReferencesSearcher. |
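The rules in the property table above can be checked mechanically before a site goes live. The following is an added example, not Magnolia code: it audits a visitorReferencesSearchers subtree and reports workspaces holding personal data that no JCR searcher covers. The dict layout of the exported subtree, the searcher node names, and the list of personal-data workspaces are assumptions, and the sample is constructed.

```python
# Added example, not Magnolia code. It audits a visitorReferencesSearchers
# subtree against the property table above. Assumption: the subtree has been
# exported to a dict of {searcher-name: {"class": str, "workspaces": [names]}}.
JCR = "info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher"
WATSON = "info.magnolia.extforms.consent.WatsonReferencesSearcher"


def audit_searchers(searchers, personal_data_workspaces=()):
    """Return findings in evaluation order; an empty list means no issues."""
    findings, registered = [], set()
    for name, node in searchers.items():
        cls = node.get("class")
        workspaces = node.get("workspaces") or []
        if not cls:
            # 'class' is marked required for every searcher.
            findings.append(f"{name}: required property 'class' is missing")
            continue
        if cls == JCR:
            if not workspaces:
                findings.append(f"{name}: JCR searcher registers no workspace")
            registered.update(workspaces)
        elif workspaces:
            # The page states workspaces are specific to the JCR searcher.
            findings.append(
                f"{name}: 'workspaces' is specific to JcrVisitorReferencesSearcher")
    # Workspaces known to hold personal data that no JCR searcher covers.
    for ws in sorted(set(personal_data_workspaces) - registered):
        findings.append(f"workspace '{ws}' is not registered with a JCR searcher")
    return findings


# Constructed sample: the searcher node names and the 'forms' and 'newsletter'
# workspaces are hypothetical; 'contact' and 'visitors' come from the page.
SAMPLE = {
    "jcr": {"class": JCR, "workspaces": ["contact", "visitors"]},
    "watson": {"class": WATSON, "workspaces": ["forms"]},
    "broken": {"workspaces": ["contact"]},
}

if __name__ == "__main__":
    for finding in audit_searchers(SAMPLE, ["contact", "visitors", "newsletter"]):
        print(finding)
```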

Filtering JCR references for export

This feature is relevant only to JCR. We don’t provide any filtering for Watson.

Under the excludedNames node of the /visitor-manager/commands configuration subtree, you can list the properties that should not be included in a GDPR report. GDPR reports typically show all visitor-related data and data categories stored and processed for the purposes of GDPR.

The following example shows an exclusion configuration that uses the info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class:

[Image: excludedNames configuration]

| Node | Description |
|---|---|
| export | |
| class | required. The class implementing the export function. Magnolia provides the following implementation classes out-of-the-box: info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference and info.magnolia.extforms.consent.WatsonRecordReference. |
| contentDecorator | |
| propertyPredicate | |
| class | required. Must implement the info.magnolia.jcr.predicate.PropertyFilteringPredicate class. |
| excludedNames | |
| <property-name> | optional. The name of the property to be excluded from appearing in a GDPR report file. |
