Versions Compared

Old Version 4

changes.mady.by.user Julie Legendre

Saved on

compared with

New Version Current

changes.mady.by.user Martin Drápela

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: DOCU-2700

...

clearboth
width244px
alignright
classmenu

Related topics:

This page describes how to enable GDPR features offered by Magnolia with your third-party marketing automation system.Magnolia provides a sample implementation showing how you can collect leads (such as email addresses) on shows how to ensure data privacy when you collect personal data on the website and store data in an external system. In this example we collect an email address from the visitor in a web form, ask the visitor for their consent, and push those leads to store the data in IBM Watson Marketing. The example on this page make use of the Privacy moduleIBM Marketing cloud connector and External Forms modulesuses the Magnolia External Forms IBM module and the Magnolia Data privacy API.

Table of Contents

How the example works

The External Forms IBM module adds a watsonFormSample page In the sample implementation, the magnolia-external-forms-ibm module (sub module of External Forms) provides a page called watsonFormSample in the Pages app. This The page contains a simple form with an email field form linked to . The form was created in IBM Watson . The form is processed using an out-of-the-box processor called XXXand is rendered by Magnolia.

Image Added

When a visitor types their email address into the field and submits the form, Magnolia processes the input. Magnolia uses an 

Javadoc resource link
classNameinfo.magnolia.extforms.services.ExternalFormService
renderTypeasynchronous
 named ibm to process the form data. Magnolia asks the visitor to give consent for storing personal data and how long that consent should be valid.

Image Added

The example uses Magnolia's default data privacy mechanism. The mechanism records the consent in the Visitors app Magnolia and links to IBM Watson as the external data storage. The default privacy mechanism comes from magnolia‐privacy‐visitor‐manager which is a submodule of the Privacy module. A custom visitor reference searcher called The visitor consent tracking mechanism is provided using the default implementation of the magnolia‐privacy‐visitor‐manager module (sub module of Privacy module). A dedicated visitor references searcher called info.magnolia.extforms.consent.WatsonReferencesSearcher processes GDPR-sensitive data from the forms.

Note

Note that External Forms is an EE std module and is not bundled.

Configuring the sample 

To enable the sample with your implementation of IMB Watson XXX follow the instructions in the IBM Marketing Cloud connector page to connect to your Watson database.

  1. If you do not already have one, create a database in your Watson Campaign Automation account

...

  1. Create a selection field called LAYOUT in the database.
  2. Add the desired field names as values for selection.

...

Set the databaseId against which you want to run authentication. This should be the same database as the one defined for the SilverpopTraitsDetectorFilter .

...

 SilverpopAuthenticationFilter

...

 enabled

...

true

...

 class

...

info.magnolia.silverpop.login.SilverpopAuthenticationFilter

...

 databaseId

...

4014446

...

Form component that fetches data from external form (e.g. IBM)

When a visitor submits data in the form, consent is requested (same as JCR forms in Magnolia)

Email requests consent confirmation (double opt-in)

See visitors app - new item, stored in visitors workspace (same consent process).

You can also view dependencies from JCR and from external sources such as IBM Watson. Clickable link takes you to Watson campaign automation dashboard (contacts list), where you can see the an entry for the visitor along with the consent recorded.

Other gdpr features also interact with external source: send all data (export from JCR but also JSON from watson), forget me, delete all my data (request sent to watson). 

Simple form processing compared to GDPR-compliant form processing

In an ordinary form, the data entered in the input field is usually processed directly upon hitting the submit button on the form.

A GDPR-compliant form needs to follow a more complex procedure called double opt-in:

  • A form that contains personal data has to be submitted together with the user's consent for the processing of such data. This is usually done via checkboxes which the user has to tick off before submitting the form.
  • In the second step, the user has to confirm the consent given. Typically the user receives an opt-in email with links to a web page where the user can finish the double opt-in procedure, that is confirm or reject the consent.

In the example below, we assume that we have a text input form field called fullname that must be handled in compliance with GDPR.

Data storage

...

In this section, you create a new GDPR-compliant form. You need the knowledge gained here in the second section where you already have a form and want to adapt it for GDPR.

The Magnolia Travel Demo bundle comes with a sample form component template called (GDPR) Store data form, which is provided by the privacy-sample submodule and designed for the purposes of GDPR.

This component template is preconfigured to:

  • Ask for a user's consent before submitting the form by displaying consent checkboxes.
  • Send the user an opt-in email.

Adding and configuring the form

  1. Make sure that the page in which you want to create the form uses the Travel Standard page template.
  2. Add a (GDPR) Store data form component to the page:
    Image Removed
    Image Removed
    Please note that if you want to create the page in the root, the root level should be at least a site's root, not the root in the Pages app due to
    Jira
    serverMagnolia - Issue tracker
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId500b06a6-e204-3125-b989-2d75b973d05f
    keyMGNLDEMO-292
    .
  3. Click Edit in the Action bar to edit the form component. 
  4. On the Opt-in Email tab configure the parts of the email which will be sent to the user in the second phase of the opt-in procedure:
    Image Removed
    The largest text area in the dialog is where you can define with FreeMarker variables how the main message of the confirmation email will look like. The body of this email message should contain hyperlinks to a consent confirmation/rejection page. The Travel Demo comes with a sample of such a page at /travel/contact/confirmation
  5. Copy and paste this path to the Confirmation page field of the dialog and save the changes.

Adding a GDPR-sensitive field

...

Configure the option in which the user chooses consent duration in the Expiration options field. Use the following format <label>:<timeUnit>__<timeQuantifier> where
<label> represents the label shown for the option.
<timeUnit> defines the time unit. Use 1 for year, 2 for month or 10 for hour.
<timeQuantifier> defines the actual length of consent for the time unit specified.
For example, if you want to allow the user to choose from consent durations of 24 hours, 72 hours and 1 month, you need enter the following in the field:

Code Block
languagetext
24 hours:10__24
72 hours:10__72
1 month:2__1

...

the personal data on the form.

Similar to the IBM Watson example, you can connect to a different external marketing automation tool or your own CRM system. See the examples for Eloqua and InfusionSoft. You need to render the forms created in the external system and process the submitted data in Java or JavaScript/Nashorn. For data privacy, use the Magnolia default 

Javadoc resource link
classNameinfo.magnolia.consent.visitor.VisitorManager
renderTypeasynchronous
 or implement your own.

Image Added

Installation

Install the External Forms module which is an EE Standard module. The module is not bundled with Magnolia by default.

Required artifacts:

  • External forms: eenders external forms as Magnolia forms.

  • External forms IBM: example implementation for the IBM Watson Campaign Automation tool.

  • (warning) External forms Infusionsoft: not needed, you can exclude this.
  • (warning) External forms Eloqua: not needed, you can exclude this.

Configuration

Connecting to IBM Watson database

  1. Create a Single Opt-In database in Watson Campaign Automation account.
  2. Make sure that Email is one of the fields in your database. 
  3. Open the additional details and copy the Database ID.
    Image Added
  4. In Magnolia, go to Configuration app > /modules/visitor-manager/config/visitorReferencesSearchers/watson/databasesIds
  5. Add a watsonid property node under databaseIds and set its value to the Database ID you copied earlier. The name of the property is arbitrary. You can add as many database IDs as required. 
  6. Go to Configuration app > /modules/external-forms-ibm/config
  7. Add your IBM Watson credentials for the three properties:
    • clientId
    • clientSecret
    • refreshToken

Creating an external web form with a privacy-aware email field

If you already have an IBM Watson Marketing Automation web form with an Email field, add the form on the watsonFormSample page. Use the External Form component. The component extends the default externalForm component and does the following:

  • Fetches a form from IBM Watson as configured in site URL.
  • Asks for visitor consent before submitting the form. The consent is given by checking a box.
  • Sends the visitor an opt-in email for the second phase of the opt-in procedure.

To create an external web form and connect it to Magnolia:

  1. In your IBM Watson Automation Campaign database, create a new standard web form.
  2. Keep the default form fields and follow the instructions in the IBM wizard. 
  3. Publish the form.
  4. On the Publish Confirmation page, click Publish Site.
  5. In Site Settings, copy the site URL, for example http://www.pages03.net/trial-magnoliainternational/<sitename>/Form
  6. In Magnolia, go to the Pages app and open the watsonFormSample page: http://localhost:8080/magnoliaAuthor/.magnolia/admincentral#app:pages:detail;/watsonFormSample:edit
    Image Added
  7. Edit the External Form sample component. Add the URL of the site you just published.
    Image Added
Hide block

Moved to a hide block and publishing of this left as "pending" cause the info is not the "optimum" we'd like to teach the users.

Note

If you encounter problems, try refreshing the configuration of the  magnolia-external-forms-ibm  module. To do so, navigate to a property in Configuration app > /modules/external-forms-ibm/config , enter the property's value and close it again. This restarts the module.

The component can now fetch data from IBM Watson Automation Campaign.

Viewing consent in Magnolia and IBM Watson Campaign Automation

Info

If you want to act as a visitor and test this process yourself, you must configure your Mail settings in Magnolia first.

  1. Preview the watsonFormSample page in the Pages app.
  2. Fill the form with your email address.
  3. Give consent to processing personal data.
    Image Added Image Added
  4. Open the Tools > Visitors app. Your entry as a visitor is created but no consent to storing personal data is recorded yet until the double opt-in process is complete. You can see this by selecting the item in the Visitors app and clicking Update consent.
    Image Added
  5. Complete the double opt-in process. Open your email inbox and click the link in an email that was sent to you. Click the Proceed button on the web page to confirm your consent.

    The email message sent to visitors is configured in the  Opt-in Email  tab of the External Forms component. See GDPR and Forms for details about configuring email options and consent duration settings.

  6. Once a visitor confirms their consent, you can see a record of it in the Visitors app.
    Image Added
  7. Click Show dependencies to see the link to the external source, in this case IBM Watson Campaign Automation.
    Image Added 
    The link takes you to your Watson dashboard where you can see an entry for the visitor along with the consent recorded.
    Image Added

You can also use other Magnolia data privacy features with an external source:

  • Export all data (export from JCR but also JSON from Watson)
  • Forget a visitor
  • Delete a visitor's data (request sent to Watson)

Updating Privacy module configuration

Info

Since this step is done in the Configuration app, you need the superuser role to access the app and change the configuration.

Both the email field, which comes preconfigured with the (GDPR) Store data form template, and the fullname field, added to the form's field set, must be database names registered in the system for GDPR-compliant data processing. This is done in the configuration of the Privacy module. 

Open the visitor-manager module configuration at /modules/visitor-manager/config/personalFields.

Add the newly added fullname field name as a property (which is in fact arbitrary) and value under the name/fieldNames node, which is already present in the configuration:

Image Removed

At this point, the newly created form is GDPR-compliant. The user is asked to give consent to process the data entered:

Image Removed

...

In this section, we assume that we already have a form with a text input field labeled Full Name, internally fullname, and we want to adapt to comply with GDPR:

Image Removed

Changing and configuring the component template

First you need to change the form's template to use one that is designed for GDPR. In this example, we use the template called (GDPR) Store data form again.

Select the form and change its template to (GDPR) Store data form:

Image Removed

In the next step, switch to the Opt-in Email tab and configure the parts of the opt-in email:

Image Removed

After saving the changes the form contains two field sets:

Image Removed

Relocating the text input field

Now you have to make the Full Name field in the first field set a member of the other field set. With superuser role you can do that in the JCR Browser app:

Image Removed

After this operation, the Full Name field is located next to the Email field:

Image Removed

Updating Privacy module configuration

Again, the fullname field, added to the form's field set, must be a database name registered in the system for GDPR-compliant data processing. Ask your system administrator to do this for you if don't have access to the Configuration app.

Open visitor-manager module configuration at /modules/visitor-manager/config/personalFields.

Make sure that the relocated field's  fullname name is a property and value under the name/fieldNames node, which is already present in the configuration. If it isn't there yet, add it there. The relocated field is now also subject to the logic of the (GDPR) Store data form template and hence the GDPR requirements. When submitting the page, the user is asked to give consent for both text input fields in the form, Full Name and Email:

...