GDPR Plugin

Here you will find documentation for the GDPR Plugin to meet GDPR requirements.

🚧

UI Change in the Admin Console for 1.9.1 Release:

You can now find the GDPR Plugin in Plugins > GDPR Compliance Kit in your admin console, instead of Admin > Users & Groups > Settings > GDPR End Points.

Overview of the GDPR Plugin

  • You can enable the plugin in the AnswerHub Admin Dashboard.
  • To leverage the plugin, you need to enable your AnswerHub site API: as a site super user, navigate to Site > General > Settings and enable the REST API Status toggle.
  • To manage the plugin, you must be a super user with network admin privileges and have the Use API permission granted (see [Grant the Use API Permission to an AnswerHub User](https://developer.devada.com/docs/grant-the-use-api-permission-to-a-user) to do so).
  • The system should automatically enable the GDPR API Plugin, but if it does not, you will need to enable it from the Disabled Plugins tab. To enable the plugin, navigate to Site > Manage Plugins, locate the GDPR API Plugin and click ENABLE.
  • GDPR APIs are callable from the site admin when you enable the GDPR plugin, and from a REST client.
  • The system adds GDPR APIs at node level to account for future content types (Ideas, Articles) that you may enable. The API calls are node agnostic.
  • The plugin logs GDPR API successes and errors, makes return codes available on the GDPR admin page, and logs calls at the info level.

Site Admin Page

❗️

WARNING:

Actions to anonymize and delete are permanent, and you cannot undo them. Ensure you are anonymizing and deleting the correct users before proceeding.

When you enable the GDPR plugin in the admin dashboard, a new settings page displays under Users & Groups > Settings > GDPR End Points: /admin/settings/gdpr/support.html

There are five tabs in the admin dashboard to interact with the GDPR plugin.

Attachments Actions

You can perform a GET request or a DELETE request from this tab.

  1. Enter a superuser's credentials.
  2. Select either GET or DELETE from the drop-down.
  3. Enter the user ID in the text field.
  4. Click the SUBMIT button.
    You will see the status code under "Result Code" and any results from the request will show up under "Result."

Query Content

You can perform a profile or content query request from this tab.

  1. Enter a superuser's credentials.
  2. Select either profile or content from the drop-down.
  3. Enter the user ID in the text field.
  4. Click the SUBMIT button.
    You will see the status code under "Result Code" and any results from the request will show up under "Result."

Actions

You can perform a Delete activity, Suspend user, or Delete user action request from this tab.

  1. Enter a superuser's credentials.
  2. Select either Delete activity, Suspend user, or Delete user from the drop-down.
  3. Enter the user ID in the text field.
  4. Click the SUBMIT button.
  • The Execution ID field auto-populates in the Anonymize tab when you press Submit. You need to anonymize if you want to delete. The Execution ID is for requesting information on the delete process. The execution endpoint handles status for all sync processes, delete action, delete user and anonymize user.
  • You will see the status code under "Result Code" and any results from the request will show up under "Result."

Anonymize

You can anonymize a user from this tab and assign the user's content to a different user ID.

  1. Enter a superuser's credentials.
  2. Enter the user ID in the text field.
  3. Enter user ID to reassign content, if applicable.
  4. Click the SUBMIT button.

📘

NOTE ON CONTENT REASSIGNMENT:

We reassign all nodes the user owns and all actions that are node related. We remove votes and attachments. The rest of the actions that are not node related will remain assigned to the user.

  • The Execution ID field auto-populates in the Anonymize tab when you click SUBMIT. Once it auto-populates, you can click SUBMIT again to see the status of the anonymization process.
  • You will see the status code under "Result Code" and any results from the request will show up under "Result."
  • There are additional options you can select and unselect by clicking on the SHOW ADVANCED ANONYMIZATION SETTINGS link.

Query Logs

To view an audit trail of the activity done using the GDPR plugin, you can click the SUBMIT button. All the text fields are optional.

You will see the status code under "Result Code" and any results from the request will show up under "Result."

User List/Population

We include this in the site admin page from above. The user population list allows a site admin to search for specific users to perform actions for each of the endpoints.

Discussing the Endpoints

There are specific new endpoints related to the GDPR plugin. Below are descriptions of the endpoints and what you should expect to be able to do with them.

To view the endpoints and more technical information related to the API, visit the References for GDPR Endpoints. Scroll down to the GDPR category to see all GDPR endpoints.

1. Anonymize User/Anonymize User Content

The ability to anonymize content provided to a specific user.

  • This API anonymizes user content. The system handles any "follow" relationships the user has as part of the delete user profile API operation.
  • User votes and likes: If the anonymized user has voted on or liked a post, the system removes the vote or like under this operation.
  • The system replaces all @references to the user with the anonymous user reference.
  • The system removes links to all attachments submitted by the user from posts.

Actions performed during anonymization:
a. Anonymizes user content and node modification actions for Questions, Ideas, Articles, Answers, Comments, and votes.
b. Follow relationships handled as part of the user profile delete operation.
c. Votes and likes removed.
d. All @references to a user replaced with the anonymous user reference.
e. All alter ego user actions replaced with the anonymous user reference.
f. All instances of the user email replaced with an anonymous reference.
g. All instances of the user's username replaced with an anonymous reference.
h. Links to all attachments and the attachments submitted by the anonymized user removed.
i. Content published using the anonymized user as an alter ego anonymized.
j. User profile information is set to default anonymous content.
k. The user is suspended to prevent the anonymized user from posting further anonymous content, and to avoid duplicated anonymized profiles.

📘

NOTE:

A user should not anonymize themselves.

📘

NOTE:

We do not allow deleting a user if that user still has content or actions associated with their account. The workflow for anonymizing, deleting a user or deleting their content should be the following:

  1. POST anonymize user content (to replace all user references with an anonymous user).
  2. DELETE user activity (to remove all "actions" activity of the user).
  3. DELETE the user.

📘

NOTE:

After anonymizing a user, you should subsequently delete or suspend them to avoid:

  1. Duplicate profiles for the anonymous user and the user you anonymized their info to.
  2. An anonymized user logging back into the community to post new non-anonymized content.

2. Delete User Attachments

The ability to delete all attachments uploaded by the user.

Actions performed during user attachment deletion:
a. Removal of each attached user file uploaded on any post from the storage database.
b. Update of the post body content by removing any attachment (img/href) link the user added.

📘

NOTE:

User attachments are removed as part of the Anonymize User API. If you have previously anonymized a user, their attachments will no longer be available.

📘

NOTE:

We do not allow deleting a user if that user still has content/actions associated with their account. The workflow for anonymizing, deleting a user or deleting their content, is as follows:

  1. POST anonymize user content (to replace all user references with an anonymous user).
  2. DELETE user activity (to remove all "actions" activity of the user).
  3. DELETE the user.

3. Hard Delete User/User Content

The ability to delete a user's content and activity from the system. This will remove the user and all the user's references from the database. The actual record will no longer exist in the database.

We do not allow this if the user has activities, content, or votes still associated with their user. You must do the following as a prerequisite:
a. Anonymize the user.
b. Delete the user activity.

Actions performed during user deletion:
a. Deletion of all apps connected to the user.
b. Deletion of all user messages.
c. Deletion of all user email references.
d. Deletion of all user authentication modes.
e. Deletion of all user permissions.
f. Deletion of all user notification preferences.
g. Deletion of all user follow relationships.
h. Deletion of all user node attachments.

📘

NOTE:

We remove user attachments as part of the Anonymize User API. If you have previously anonymized a user, their attachments will no longer be available.

📘

NOTE:

We do not allow deleting a user if that user still has content/actions associated with their account. The workflow for anonymizing, deleting a user or deleting their content, is as follows:

  1. POST anonymize user content (to replace all user references with an anonymous user).
  2. DELETE user activity (to remove all "actions" activity of the user).
  3. DELETE the user.
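
The workflow above as an added Python example (not AnswerHub's own code): a driver that runs the three steps in order and waits on each Execution ID before starting the next. `FakeGdprClient`, its method names, the status strings and the `confirm_id` parameter are assumptions made so the example runs offline; map them to the documented GDPR endpoints.

```python
# Added example, not AnswerHub code. FakeGdprClient is a constructed in-memory
# stand-in: its method names, status strings and rejection rule are assumptions.
import time

WORKFLOW = ("anonymize", "delete_activity", "delete_user")

class ErasureError(Exception):
    """Raised when a step is refused or does not complete."""

class FakeGdprClient:
    def __init__(self, users):
        self.users = users  # user_id -> {"content": int, "actions": int}
        self.jobs = {}      # execution_id -> polls left before completion
        self.calls = []     # (operation, user_id) in the order accepted

    def start(self, op, user_id):
        user = self.users[user_id]
        if op == "delete_user" and (user["content"] or user["actions"]):
            raise ErasureError("user still has content or actions")
        if op == "anonymize":
            user["content"] = 0
        elif op == "delete_activity":
            user["actions"] = 0
        else:  # delete_user: the record no longer exists afterwards
            del self.users[user_id]
        self.calls.append((op, user_id))
        exec_id = f"exec-{len(self.jobs) + 1}"
        self.jobs[exec_id] = 2  # constructed: reports completion on the 2nd poll
        return exec_id

    def status(self, exec_id):
        self.jobs[exec_id] -= 1
        return "DONE" if self.jobs[exec_id] <= 0 else "RUNNING"

def erase_user(client, operator_id, target_id, confirm_id, max_polls=10, delay=0.0):
    """Run the three steps in order, waiting on each Execution ID before the next."""
    if target_id != confirm_id:
        raise ErasureError("confirmation mismatch; these actions are permanent")
    if target_id == operator_id:
        raise ErasureError("a user should not anonymize themselves")
    for op in WORKFLOW:
        exec_id = client.start(op, target_id)
        for _ in range(max_polls):
            if client.status(exec_id) == "DONE":
                break
            time.sleep(delay)
        else:
            raise ErasureError(f"{op} {exec_id} unfinished; not starting next step")
    return client.calls
```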

4. Delete User Activity

Deletes user activity from the database.

The system will delete any activity not anonymized (see anonymize user content API) from the activities table.

Actions performed during execution of the operation:

  • Deletes all user activity/actions the user has performed under AnswerHub:
    Accept, Add to group, Answer, Answer to comment, Ask, Ask to answer, Award close, Comment,
    Comment to answer, Deactivate, Delete, Favorite, Follow, Merge into, Merge topics, New idea comment,
    New idea, New kbentry, New topic, Node view, Organizational, Publish, Reject, Retag,
    Revise, Send to moderation, Set idea status, Suspend, Topic used, Unfollow, User joins, User join site,
    User login, Vote down, Vote up
  • Delete all user awards
  • Delete all user actions reputations
  • Delete all user notifications

📘

NOTE:

We do not allow deleting a user if that user still has content or actions associated with their account. The workflow for anonymizing, deleting a user or deleting their content, is as follows:

  1. POST anonymize user content (to replace all user references with an anonymous user).
  2. DELETE user activity (to remove all "actions" activity of the user).
  3. DELETE the user.

5. Suspend User Account

a. A suspended user cannot create new content, vote, or otherwise perform actions on the community.

Actions performed during suspension:
a. The user is flagged as inactive.
b. A new suspend action is triggered.
c. The suspended user will no longer have access to the site or be able to log in to the site.

📘

NOTE:

An admin can lift the user suspension by locating the user on the Users & Groups page and clicking LIFT SUSPENSION on the Manage User: [username] page.

📘

NOTE:

After anonymizing a user, you should subsequently delete or suspend the user to avoid:

  1. Duplicate profiles for the anonymous user and the user you anonymized their info to.
  2. An anonymized user logging back into the community to post new non-anonymized content.

b. You should not use this API if you have anonymized a user and/or their content.

6. Retrieve User Attachments

The ability to query for all attachments the user has ever uploaded.

Returns a list of attachment descriptors for a user.
a. Returns URL for each attachment.
b. Returns the name of the file.
c. Includes the post ID associated with the file.

📘

NOTE:

We remove user attachments as part of the Anonymize User API. If you previously anonymized a user, their attachments will no longer be available.

📘

NOTE:

We do not allow deleting a user if that user still has content/actions associated with their account. The workflow for anonymizing, deleting a user or deleting their content, is as follows:

  1. POST anonymize user content (to replace all user references with an anonymous user).
  2. DELETE user activity (to remove all "actions" activity of the user).
  3. DELETE the user.

7. Query User Content

The ability to query for content the user has ever added to the site (not just the action summary but the action content as well, i.e. the comment itself), including content that has been soft-deleted. A soft delete flags the user as deleted; the user's data is still available, and you can query it in the database.

This API retrieves all of a user's activity together with the content that the user posted.

8. Query User Profile & Preferences

The ability to query user profile and preferences.

Retrieves the user's profile information.

This API will return the following:
a. Profile information as shown in the profile page (user info, about me, topic interests).
b. Notification preferences
c. Expertise settings
d. Alter-egos
e. Manage Applications

9. Query GDPR Activity Logging

Inventory of any debug spew logging that contains EUPI & EUII.

Retrieves a list of the GDPR activity performed. You can also query it for a given user or in a given time frame.

