Configure Atomia GDPR
Overview
Atomia GDPR requires some basic setup in the Atomia Admin Panel and optionally some DB and config value updates in the Atomia GDPR Web API.
Configure Atomia user
Atomia Admin Panel is using configuration parameters (GdprWebApiUsername, GdprWebApiPasswordand GdprWebApiUrl) from C:\Program Files (x86)\Atomia\AdminPanel\bin\Atomia.Web.Plugin.BillingAdminPanel.Gdpr.dll.config file in order to search for customer data. The default username and password, as well as the GDPR Web API hostname, should be set in the unattended.ini file in the GdprWebApi section, for example:
[GdprWebApi] Username = someusername Password = somecleartextpassword Host = gdprapi.example.com
Make sure that the GdprWebApi section is added in the unattended.ini file on the Atomia Billing and Atomia Automation servers as well as on the server where Atomia Admin Panel is installed.
The same username and password should be set in the Atomia GDPR Web API database (AtomiaGdpr.users table).
Third-party clients
It’s possible to create a custom Atomia GDPR Web API client application, in which case a new user should be added to the database (AtomiaGdpr.users table).
Configure a template for the GDPR data PDF export
In order to export GDPR data into PDF from the Atomia Admin Panel GDPR search page, a GdprTemplate template must exist in the template list (Admin Panel > Settings > Mail templates). In case the template doesn’t exist, add it and use the following parameters:
- Template name: GdprTemplate
- Tag: Customer
- Description: GDPR PDF template
- Template Type: Generic
- Content: any HTML content, an example can be found here.
Configure anonymization plugin
The plugin name is AnonymizeAccountScheduledEventHandler and is disabled by default. The corresponding scheduled task is paused by default also.
- Update plugin configuration by setting the correct Atomia GDPR Web API URL in the database.
For the MSSQL database that can be done with the following SQL (make sure to set the correct URL in the query):UPDATE [AtomiaBilling].[dbo].[plugin_configuration] SET [value] = 'https://gdprapi.dev.atomia.com' FROM [AtomiaBilling].[dbo].[plugin_configuration] INNER JOIN [AtomiaBilling].[dbo].[plugin] ON [fk_plugin_id] = [AtomiaBilling].[dbo].[plugin].[id] WHERE [AtomiaBilling].[dbo].[plugin].[name] = 'AnonymizeAccountScheduledEventHandler' - Enable plugin via Atomia Admin Panel
Open Atomia Admin Panel and navigate to the Settings > Plugin Configuration. Locate AnonymizeAccountScheduledEventHandler and click on the Enable action button. - Enable corresponding scheduled task via Atomia Admin Panel
Open Atomia Admin Panel and navigate to the Settings > Scheduled task settings. Locate AnonymizeAccountScheduledEventHandler and configure scheduled time period – recommended value is Every 24 hours. Check the checkbox next to the task name and click on Resume action.
Configure retention periods
The AnonymizeAccountScheduledEventHandler will anonymize customer data based on the configured retention period. Retention periods are configured in the Atomia GDPR Web API database in the AtomiaGdpr.gdpr_retention_period table. It is configurable by data source and all retention periods are set to 12 months by default:
id source retention_period 1 Provisioning 12 2 User 12 3 Order 12 4 Invoice 12 5 Customer 12
There is also a RetentionPeriodTolerance setting in the C:\Program Files (x86)\Atomia\GdprWebApi\Web.config configuration file that is added to the retention period from the database in order to include customers that were terminated more than 12 months ago. By default, this value is set to 6 months.