Privacy module

Customer data Bundled: DX Core

Edition

DX Core

License

MLA

Issues

Maven site

Latest

2.0

The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).

Module structure

artifactID Description

magnolia-privacy

Parent reactor.

     magnolia‐privacy‐visitor‐manager

     magnolia‐privacy‐form

Provides a privacy-aware form component.

     magnolia‐privacy‐ui

Provides:

  • A privacy-aware sub app.

  • The Visitors app and related actions such as the Update consent action.

  • The Cookies app.

     magnolia‐privacy‐sample

Provides usage examples of the above modules.

     magnolia‐privacy‐cookie‐manager

Provides the cookie API.

<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-cookie-manager</artifactId>
  <version>2.0</version> (1)
</dependency>
1 Should you need to specify the module version, do it using <version>.
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-visitor-manager</artifactId>
  <version>2.0</version> (1)
</dependency>
1 Should you need to specify the module version, do it using <version>.
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-ui</artifactId>
  <version>2.0</version> (1)
</dependency>
1 Should you need to specify the module version, do it using <version>.
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-sample</artifactId>
  <version>2.0</version> (1)
</dependency>
1 Should you need to specify the module version, do it using <version>.

Configuration

The configuration of the Privacy module is done in the privacy-visitor-manager submodule, which allows you to define the following:

  • Groups of personal fields that are used as database field names (JCR properties in case of the JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.

  • Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.

  • Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.

Personal fields

Personal field groups are configured under /visitor-manager/config/personalFields, see an example hierarchy below.

A content app processing GDPR-sensitive data, or an editor working with such an app, is able to process the data only if the visitor has given consent.

A visitor must give consent for the whole group, such as name or addressOne in the example below.

Example field hierarchy

Example field hierarchy

Visitor references searchers

The searchers are defined under /visitor-manager/config/visitorReferencesSearchers. Magnolia provides searcher configurations out-of-the-box for:

  • JCR Searcher

  • IBM Watson Reference Searcher

In the following example, the contact and visitors workspaces are registered to be able to process GDPR-sensitive data in the JcrVisitorReferencesSearcher:

Workspaces structure

Property Description

<searcher-name>

     class

required

The class implementing the searcher.

The following searcher implementations are provided by Magnolia:

  • info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher

  • info.magnolia.extforms.consent.WatsonReferencesSearcher

     workspaces

         <workspace-name>

required

Name of the workspace registered to process GDPR-sensitive data.

The workspaces are specific only to the JcrVisitorReferencesSearcher.

Filtering JCR references for export

This feature is relevant only to JCR. We don’t provide any filtering for Watson.

Under the excludedNames node of the /visitor-manager/commands configuration subtree, you can list the properties that should not be included in a GDPR report. GDPR reports typically show all visitor-related data and data categories stored and processed for the purposes of GDPR.

The following example shows an exclusion configuration implementing the info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class:

Exclusion configuration

Node Description

export

     class

required

The class implementing the export function.

Magnolia provides the following implementation classes out-of-the-box:

  • info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference

  • info.magnolia.extforms.consent.WatsonRecordReference

         contentDecorator

             propertyPredicate

                 class

required

Must implement the info.magnolia.jcr.predicate.PropertyFilteringPredicate class.

                 excludedNames

                     <property-name>

optional

The name of the property to be excluded from appearing in a GDPR report file.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules