The 5.7 branch of Magnolia reached End-of-Life on December 31, 2023, as specified in our End-of-life policy. This means the 5.7 branch is no longer maintained or supported. Please upgrade to the latest Magnolia release. By upgrading, you will get the latest release of Magnolia featuring significant improvements to the author and developer experience. For a successful upgrade, please consult our Magnolia 6.2 documentation. If you need help, please contact info@magnolia-cms.com.
The Privacy module enables you to produce websites compliant with the General Data Protection Regulation (GDPR).
Module structure
| artifactID | Description |
|---|---|
| Parent reactor. |
| Provides the API for GDPR-related operations. |
| Provides a privacy-aware form component. |
| Provides:
|
| Provides usage examples of the above modules. |
| Provides the cookie API. |
Installing
Maven is the easiest way to install the modules. Add the following dependency to your bundle: Maven dependency management will include the other required submodules. Make sure that all dependencies are in the same version.
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-cookie-manager</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-visitor-manager</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-ui</artifactId>
</dependency>
<dependency>
<groupId>info.magnolia.privacy</groupId>
<artifactId>magnolia-privacy-sample</artifactId>
</dependency>
Configuration
The configuration of the Privacy module is done in the privacy-visitor-manager submodule, which allows you to define the following:
- Groups of personal fields that are used as database field names (JCR properties in case of the JCR workspace) to organize the personal data collected and processed for the purposes of GDPR.
- Visitor References Searchers, a list of systems (typically workspaces) registered to process GDPR-sensitive data.
- Names of system properties to be excluded from a GDPR report: an export in machine-readable format of all data and data categories stored and processed by Magnolia for the purposes of GDPR.
Personal fields
Personal field groups are configured under /visitor-manager/config/personalFields, see an example hierarchy below.
A content app processing GDPR-sensitive data, or an editor working with such an app, is able to process the data only if the visitor has given consent.
A visitor must give consent for the whole group, such as name or addressOne in the example below.
Example field hierarchy email lastname middlename firstname country city streetaddress zipNode Value visitor-manager config personalFields email fieldNames email name fieldNames lastName middleName firstName addressOne fieldNames country city streetAddress zipCode
Visitor references searchers
The searchers are defined under /visitor-manager/config/visitorReferencesSearchers. Magnolia provides searcher configurations out-of-the-box for:
JCR Searcher.
- IBM Watson Reference Searcher (part of the IBM Web Forms implementation of the External Forms module).
In the following example, the info.magnolia.consent.visitor.jcr.JcrVisitorReferencesSearcher contacts visitorscontact and visitors workspaces are registered to be able to process GDPR-sensitive data in the JcrVisitorReferencesSearcher:
PropertiesNode Value visitor-manager config visitorReferencesSearchers jcr class workspaces contacts visitors
| Node | Description |
|---|---|
<searcher-name> | |
| required The class implementing the searcher. The following searcher implementations are provided by Magnolia:
|
| |
| required Name of the workspace registered to process GDPR-sensitive data.
|
Filtering JCR references for export
This feature is relevant only to JCR. We don't provide any filtering for Watson.
Under the excludedNames node of the /visitor-manager/commands configuration subtree, you can list the properties that should not be included in a GDPR report. GDPR reports typically show all visitor-related data and data categories stored and processed for the purposes of GDPR.
The following example shows an exclusion configuration implementing the info.magnolia.consent.visitor.jcr.JcrPrivateRecordReference$ExportCommand info.magnolia.jcr.predicate.PropertyFilteringPredicate mgnl:lastActivatedVersionCreated mgnl:lastActivatedVersion jcr:created mgnl:lastActivatedBy mgnl:lastActivated mgnl:lastModifiedBy jcr:primaryType mgnl:activationStatusinfo.magnolia.consent.visitor.jcr.JcrPrivateRecordReference class:
PropertiesNode Value visitor-manager commands visitor-manager export class contentDecorator propertyPredicate class excludedNames mgnlLastActivatedVersionCreated mgnlLastActivatedVersion jcrCreated mgnlLastActivatedBy mgnlLastActivated mgnlLastModifiedBy jcrPrimaryType mgnlActivationStatus
| Node | Description |
|---|---|
export | |
| required The class implementing the export function. Magnolia provides the following implementation classes out-of-the-box:
|
| |
| |
| required Must implement the |
| |
| optional The name of the property to be excluded from appearing in a GDPR report file. |
Overview
Content Tools