Document Tree
Document Properties
Last Modified
Added to KB
Public Access
Doc Type
  • ICM 7.10
  • ICM 11
  • ICM 12
Concept - GDPR Export


The General Data Protection Regulation is a regulation of the European Union that defines the processing of personal data. In order to comply with this regulation we introduced GDPR handling. This concept describes the GDPR export feature and how customers can customize it. The GDPR export was developed as generic, adaptable and migration-friendly. Fields of persistent objects containing any kind of personal data can be serialized as JSON. When the process is completed the CSR (the administrator) can download the data as a ZIP archive.


CSRCustomer service representative


General Data Protection Regulation
JSONJavaScript Object Notation
SerializationTransform Java Object to JSON
Absent valueValue of a referential type (like Java 8 optional)


Export Overview

The export logic is located in the bc_gdpr cartridge within the f_business component set. The diagram below presents the export algorithm.

  1.  Crawl tables and get all data.
  2.  Filtrate non-personal data.
  3.  Provide data for serialization.
  4.  Group data into files.
  5.  Combine JSON files in a single ZIP archive.

Directory and Files
GDPR directory in servershare\sites\<Org-Chanel-Site>\1\units\<Org-Chanel>-Anonymous\gdpr
Filename pattern<Org-Chanel-Site>_<first name>_<last_name>_<request id>.zip

Filtration of Personal Data

Due to complications with persistent objects and the importance of the data, we offer a filtration logic. The filtration is realized by a custom JsonFilter provided by Jackson.

There are two classes responsible for this logic:

  • PropertyFilterGDPRImpl- Added specific logic for filtration, support different scopes for specific table or global- ignorePropertyInTable, ignoreALL.
  • PropertyFilterConfigurationProviderGDPRImpl - Declares which properties must be ignored and instance of PropertyFilterGDPRImpl.

private PropertyFilterGDPRImpl propertyFilterGDPRImpl;

For a list with all ignored properties, refer to Concept - GDPR Export.

Serialization Preferences

The serialization preferences must be defined in Jackson ObjectMapper. In this project there are declared in MapperBasicConfigSetting. The ObjectMapper has a provider that makes all default settings available to the mapper.

private ObjectMapper objectMapper;

JacksonObjectMapperGDPR Settings:

PreferenceDefault value
Visibilityserialize only public method and fields
Write dates as timestampdisabled
Fail on empty beandisabled
Serialization inclusionwithout empty and absent values


The GDPR feature uses Guice as dependency injection framework and is therefore easy to integrate into our implementation. Guice works with modules and each module provides a declaration of bindings between interfaces and classes. Those bindings are stored in the object graph. To customize the export, you need to know which classes are declared in our API and what they are used for.

PersonalDataSerializerPersonalDataJsonSerializerImplSerialization of personal data
PersonalDataProviderPersonalDataProviderImplProvides personal data for serialization
-PersonalInformationROPresentation of single personal data entity

The bindings can be overridden via declaration in

Override bindings
global.overrideModules = <YourNamingModule>
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
The Intershop Knowledge Portal uses only technically necessary cookies. We do not track visitors or have visitors tracked by 3rd parties. Please find further information on privacy in the Intershop Privacy Policy and Legal Notice.
Knowledge Base
Product Releases
Log on to continue
This Knowledge Base document is reserved for registered customers.
Log on with your Intershop Entra ID to continue.
Write an email to if you experience login issues,
or if you want to register as customer.