Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.
The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).
Module structure
| artifactID | Description |
|---|---|
| Parent reactor. |
| Provides the API for GDPR-related operations. |
| Provides a privacy-aware form component. |
| Provides:
|
| Provides usage examples of the above modules. |
| Provides the cookie API. |
Installing
Maven is the easiest way to install the modules. Add the following dependency to your bundle: Maven dependency management will include the other required submodules. Make sure that all dependencies are in the same version.
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-cookie-manager</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-visitor-manager</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-ui</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-sample</artifactId>
</dependency>
Configuration
The configuration of the Privacy module is done in the privacy-visitor-manager submodule, which allows you to define the following:
- Groups of personal fields that are used as database field names (JCR properties in case of the JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.
- Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.
- Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.
Personal fields
Personal field groups are configured under /visitor-manager/config/personalFields, see an example hierarchy below.
A content app processing GDPR-sensitive data, or an editor working with such an app, is able to process the data only if the visitor has given consent.
A visitor must give consent for the whole group, such as name or addressOne in the example below.
Example field hierarchy visitor-manager config personalFields email fieldNames email email name fieldNames lastName lastname middleName middlename firstName firstname addressOne fieldNames country country city city streetAddress streetaddress zipCode zipNode Value
Visitor references searchers
The searchers are defined under /visitor-manager/config/visitorReferencesSearchers. Magnolia provides searcher configurations out-of-the-box for:
JCR Searcher.
- IBM Watson Reference Searcher (part of the IBM Web Forms implementation of the External Forms module).
In the following example, the visitor-manager config visitorReferencesSearchers jcr class info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher workspaces contacts contacts visitors visitorscontact and visitors workspaces are registered to be able to process GDPR-sensitive data in the JcrVisitorReferencesSearcher:
PropertiesNode Value
| Node | Description |
|---|---|
<searcher-name> | |
| required The class implementing the searcher. The following searcher implementations are provided by Magnolia:
|
| |
| required Name of the workspace registered to process GDPR-sensitive data.
|
Filtering JCR references for export
This feature is relevant only to JCR. We don't provide any filtering for Watson.
Under the excludedNames node of the /visitor-manager/commands configuration subtree, you can list the properties that should not be included in a GDPR report. GDPR reports typically show all visitor-related data and data categories stored and processed for the purposes of GDPR.
The following example shows an exclusion configuration implementing the visitor-manager commands visitor-manager export class info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference$ExportCommand contentDecorator propertyPredicate class info.magnolia.jcr.predicate.PropertyFilteringPredicate excludedNames mgnlLastActivatedVersionCreated mgnl:lastActivatedVersionCreated mgnlLastActivatedVersion mgnl:lastActivatedVersion jcrCreated jcr:created mgnlLastActivatedBy mgnl:lastActivatedBy mgnlLastActivated mgnl:lastActivated mgnlLastModifiedBy mgnl:lastModifiedBy jcrPrimaryType jcr:primaryType mgnlActivationStatus mgnl:activationStatusinfo.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class:
PropertiesNode Value
| Node | Description |
|---|---|
export | |
| required The class implementing the export function. Magnolia provides the following implementation classes out-of-the-box:
|
| |
| |
| required Must implement the |
| |
| optional The name of the property to be excluded from appearing in a GDPR report file. |
Overview
Content Tools