The General Data Protection Regulation is a regulation of the European Union that defines the processing of personal data. In order to comply with this regulation we introduced GDPR handling. This concept describes the GDPR export feature and how customers can customize it. The GDPR export was developed as generic, adaptable and migration-friendly. Fields of persistent objects containing any kind of personal data can be serialized as JSON. When the process is completed the CSR (the administrator) can download the data as a ZIP archive.
|CSR||Customer service representative|
|General Data Protection Regulation|
|Serialization||Transform Java Object to JSON|
|Absent value||Value of a referential type (like Java 8 optional)|
The export logic is located in the bc_gdpr cartridge within the f_business component set. The diagram below presents the export algorithm.
|Directory and Files|
|GDPR directory in server||share\sites\<Org-Chanel-Site>\1\units\<Org-Chanel>-Anonymous\gdpr|
|Filename pattern||<Org-Chanel-Site>_<first name>_<last_name>_<request id>.zip|
Due to complications with persistent objects and the importance of the data, we offer a filtration logic. The filtration is realized by a custom JsonFilter provided by Jackson.
There are two classes responsible for this logic:
PropertyFilterGDPRImpl- Added specific logic for filtration, support different scopes for specific table or global-
PropertyFilterConfigurationProviderGDPRImpl- Declares which properties must be ignored and instance of
@Inject private PropertyFilterGDPRImpl propertyFilterGDPRImpl;
For a list with all ignored properties, refer to Concept - GDPR Export.
The serialization preferences must be defined in Jackson
ObjectMapper. In this project there are declared in
ObjectMapper has a provider that makes all default settings available to the mapper.
@Inject @Named("JacksonObjectMapperGDPR") private ObjectMapper objectMapper;
|Visibility||serialize only public method and fields|
|Write dates as timestamp||disabled|
|Fail on empty bean||disabled|
|Serialization inclusion||without empty and absent values|
The GDPR feature uses Guice as dependency injection framework and is therefore easy to integrate into our implementation. Guice works with modules and each module provides a declaration of bindings between interfaces and classes. Those bindings are stored in the object graph. To customize the export, you need to know which classes are declared in our API and what they are used for.
|PersonalDataSerializer||PersonalDataJsonSerializerImpl||Serialization of personal data|
|PersonalDataProvider||PersonalDataProviderImpl||Provides personal data for serialization|
|-||PersonalInformationRO||Presentation of single personal data entity|
The bindings can be overridden via declaration in objectgraph.properties:
global.overrideModules = <YourNamingModule>
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.