Atomia GDPR

Configuration

4 views 0

Configure Atomia GDPR

Overview

Atomia GDPR requires some basic setup in the Atomia Admin Panel and optionally some DB and config value updates in the Atomia GDPR Web API.

Configure Atomia user

Atomia Admin Panel is using configuration parameters (GdprWebApiUsername, GdprWebApiPasswordand GdprWebApiUrl) from C:\Program Files (x86)\Atomia\AdminPanel\bin\Atomia.Web.Plugin.BillingAdminPanel.Gdpr.dll.config file in order to search for customer data. The default username and password, as well as the GDPR Web API hostname, should be set in the unattended.ini file in the GdprWebApi section, for example:

[GdprWebApi]
Username = someusername
Password = somecleartextpassword
Host = gdprapi.example.com

Make sure that the GdprWebApi section is added in the unattended.ini file on the Atomia Billing and Atomia Automation servers as well as on the server where Atomia Admin Panel is installed.

Keep in mind

Just like with any change in the transformation files, after every change in the unattended.ini file a reconfiguration is needed in order to merge the changes in the configuration file.

The same username and password should be set in the Atomia GDPR Web API database (AtomiaGdpr.users table).

Good to know

The AtomiaGdpr.users table already has entry for user with username Atomia. It is recomended to use that username and just update the password field.

Important!

The clear text password that is set in the unattended.ini file must be hashed with bcrypt hashing function ($2a$ algorithm) before saving into Atomia GDPR Web API database. There are many tools for bcrypt encryption, for example Browserling Password Generator.

Third-party clients

It’s possible to create a custom Atomia GDPR Web API client application, in which case a new user should be added to the database (AtomiaGdpr.users table).

Configure a template for the GDPR data PDF export

In order to export GDPR data into PDF from the Atomia Admin Panel GDPR search page, a GdprTemplate template must exist in the template list (Admin Panel > Settings > Mail templates). In case the template doesn’t exist, add it and use the following parameters:

  • Template name: GdprTemplate
  • Tag: Customer
  • Description: GDPR PDF template
  • Template Type: Generic
  • Content: any HTML content, an example can be found here.

Configure anonymization plugin

The plugin name is AnonymizeAccountScheduledEventHandler and is disabled by default. The corresponding scheduled task is paused by default also.

  1. Update plugin configuration by setting the correct Atomia GDPR Web API URL in the database.
    For the MSSQL database that can be done with the following SQL (make sure to set the correct URL in the query):

    UPDATE 
      [AtomiaBilling].[dbo].[plugin_configuration]
    SET 
      [value] = 'https://gdprapi.dev.atomia.com'
    FROM
      [AtomiaBilling].[dbo].[plugin_configuration] 
    INNER JOIN 
      [AtomiaBilling].[dbo].[plugin] 
        ON [fk_plugin_id] = [AtomiaBilling].[dbo].[plugin].[id]
    WHERE 
      [AtomiaBilling].[dbo].[plugin].[name] = 'AnonymizeAccountScheduledEventHandler'
  2. Enable plugin via Atomia Admin Panel
    Open Atomia Admin Panel and navigate to the Settings > Plugin Configuration. Locate AnonymizeAccountScheduledEventHandler and click on the Enable action button.
  3. Enable corresponding scheduled task via Atomia Admin Panel
    Open Atomia Admin Panel and navigate to the Settings > Scheduled task settings. Locate AnonymizeAccountScheduledEventHandler and configure scheduled time period – recommended value is Every 24 hours. Check the checkbox next to the task name and click on Resume action.

Configure retention periods

The AnonymizeAccountScheduledEventHandler will anonymize customer data based on the configured retention period. Retention periods are configured in the Atomia GDPR Web API database in the AtomiaGdpr.gdpr_retention_period table. It is configurable by data source and all retention periods are set to 12 months by default:

id  source         retention_period
1   Provisioning   12
2   User           12
3   Order          12
4   Invoice        12
5   Customer       12

There is also a RetentionPeriodTolerance setting in the C:\Program Files (x86)\Atomia\GdprWebApi\Web.config configuration file that is added to the retention period from the database in order to include customers that were terminated more than 12 months ago. By default, this value is set to 6 months.

Keep in mind

With retention period set to 12 and RetentionPeriodTolerance set to 6, the AnonymizeAccountScheduledEventHandler task will anonymize all terminated customers that were terminated between (current day – 18 months) and (current day – 12 months).

Good to know

You can set different retention periods for different data sources in the the AtomiaGdpr.gdpr_retention_period table.

Was this helpful?