Magnolia 5.7 reached extended end of life on May 31, 2022. Support for this branch is limited, see End-of-life policy. Please note that to cover the extra maintenance effort, this EEoL period is a paid extension in the life of the branch. Customers who opt for the extended maintenance will need a new license key to run future versions of Magnolia 5.7. If you have any questions or to subscribe to the extended maintenance, please get in touch with your local contact at Magnolia.

The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).

Module structure

artifactIDDescription

magnolia-privacy

Parent reactor.

magnolia‐privacy‐visitor‐manager

Provides the API for GDPR-related operations.

magnolia‐privacy‐form

Provides a privacy-aware form component.

magnolia‐privacy‐ui

Provides:

magnolia‐privacy‐sample

Provides usage examples of the above modules.

magnolia‐privacy‐cookie‐manager

Provides the cookie API.

Installing

Maven is the easiest way to install the modules. Add the following dependency to your bundle:

<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-cookie-manager</artifactId>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-visitor-manager</artifactId>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-ui</artifactId>
</dependency>
<dependency>
  <groupId>info.magnolia.privacy</groupId>
  <artifactId>magnolia-privacy-sample</artifactId>
</dependency>

Maven dependency management will include the other required submodules. Make sure that all dependencies are in the same version.

Configuration

The configuration of the Privacy module is done in the privacy-visitor-manager submodule, which allows you to define the following:

  • Groups of personal fields that are used as database field names (JCR properties in case of the JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.
  • Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.
  • Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.

Personal fields

Personal field groups are configured under /visitor-manager/config/personalFields, see an example hierarchy below.

A content app processing GDPR-sensitive data, or an editor working with such an app, is able to process the data only if the visitor has given consent.

A visitor must give consent for the whole group, such as name or addressOne in the example below.

Example field hierarchy

NodeValue

 visitor-manager


      config


          personalFields


              email


                  fieldNames


                      email

email

              name


                  fieldNames


                      lastName

lastname

                      middleName

middlename

                      firstName

firstname

              addressOne


                  fieldNames


                      country

country

                      city

city

                      streetAddress

streetaddress

                      zipCode

zip

Visitor references searchers

The searchers are defined under /visitor-manager/config/visitorReferencesSearchers. Magnolia provides searcher configurations out-of-the-box for:

In the following example, the contact and visitors workspaces are registered to be able to process GDPR-sensitive data in the JcrVisitorReferencesSearcher:

NodeValue

 visitor-manager


      config


          visitorReferencesSearchers


              jcr


                  class

info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher

                  workspaces


                      contacts

contacts

                      visitors

visitors

Properties

NodeDescription
<searcher-name>


class

required

The class implementing the searcher.

The following searcher implementations are provided by Magnolia:

  • info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher
  • info.magnolia.extforms.consent.WatsonReferencesSearcher

workspaces


<workspace-name>

required

Name of the workspace registered to process GDPR-sensitive data.

(warning) The workspaces are specific only to the JcrVisitorReferencesSearcher .

Filtering JCR references for export

(warning) This feature is relevant only to JCR. We don't provide any filtering for Watson.

Under the excludedNames node of the /visitor-manager/commands configuration subtree, you can list the properties that should not be included in a GDPR report. GDPR reports typically show all visitor-related data and data categories stored and processed for the purposes of GDPR.

The following example shows an exclusion configuration implementing the info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class: 

NodeValue

 visitor-manager


      commands


          visitor-manager


              export


                  class

info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference$ExportCommand

                  contentDecorator


                      propertyPredicate


                          class

info.magnolia.jcr.predicate.PropertyFilteringPredicate

                          excludedNames


                              mgnlLastActivatedVersionCreated

mgnl:lastActivatedVersionCreated

                              mgnlLastActivatedVersion

mgnl:lastActivatedVersion

                              jcrCreated

jcr:created

                              mgnlLastActivatedBy

mgnl:lastActivatedBy

                              mgnlLastActivated

mgnl:lastActivated

                              mgnlLastModifiedBy

mgnl:lastModifiedBy

                              jcrPrimaryType

jcr:primaryType

                              mgnlActivationStatus

mgnl:activationStatus

Properties

NodeDescription
export


class

required

The class implementing the export function.

Magnolia provides the following implementation classes out-of-the-box:

  • info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference 
  • info.magnolia.extforms.consent.WatsonRecordReference

contentDecorator


propertyPredicate


class

required

Must implement the info.magnolia.jcr.predicate.PropertyFilteringPredicate class.

excludedNames


<property-name>

optional

The name of the property to be excluded from appearing in a GDPR report file.