GDPRSupport

This APS type must be implemented by APS applications that must comply with the General Data Protection Regulation (GDPR) of the European Union (EU).

Schema

This APS type extends the Resource APS type and looks as follows:

{
  "name" : "GDPRSupport",
  "id" : "http://www.odin.com/gdpr-support/1.2",
  "apsVersion" : "2.0",
  "implements" : [ "http://aps-standard.org/types/core/resource/1.0" ],
  "properties" : {
    "componentName": {
      "type": "string",
      "readonly": true,
      "default": ""
    }
  },
  "operations" : {
    "groups" : {
      "path" : "/groups",
      "verb" : "GET",
      "response" : {
        "type" : "array",
        "items" : {
          "type" : "Group"
        }
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      }
    },
    "accountInfo" : {
      "path" : "/accountInfo",
      "verb" : "GET",
      "response" : {
        "type" : "GDPRIdentity"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        },
        "operationType" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "userInfo" : {
      "path" : "/userInfo",
      "verb" : "GET",
      "response" : {
        "type" : "GDPRIdentity"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        },
        "operationType" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "canForgetAccount" : {
      "path" : "/canForgetAccount",
      "verb" : "GET",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "canForgetUser" : {
      "path" : "/canForgetUser",
      "verb" : "GET",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "uuid" : {
          "kind" : "query",
          "type" : "string"
        }
      }
    },
    "forgetAccount" : {
      "path" : "/forgetAccount",
      "verb" : "POST",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "identity" : {
          "kind" : "body",
          "type" : "GDPRForgetIdentity",
          "required" : true
        }
      }
    },
    "forgetUser" : {
      "path" : "/forgetUser",
      "verb" : "POST",
      "response" : {
        "type" : "Result"
      },
      "errorResponse" : {
        "type" : "object"
      },
      "access" : {
        "owner" : false,
        "referrer" : true,
        "global" : false
      },
      "parameters" : {
        "identity" : {
          "kind" : "body",
          "type" : "GDPRForgetIdentity",
          "required" : true
        }
      }
    }
  },
  "structures" : {
    "Group" : {
      "type" : "object",
      "properties" : {
        "groupId" : {
          "type" : "string"
        },
        "description" : {
          "type" : "string"
        },
        "keys" : {
          "type" : "array",
          "items" : {
            "type" : "Key"
          }
        }
      }
    },
    "GDPRIdentity" : {
      "type" : "object",
      "properties" : {
        "uuid" : {
          "type" : "string"
        },
        "info" : {
          "type" : "array",
          "items" : {
            "type" : "Info"
          }
        }
      }
    },
    "GDPRForgetIdentity" : {
      "type" : "object",
      "properties" : {
        "uuid" : {
          "type" : "string"
        },
        "email" : {
          "type" : "string"
        },
        "groupIds" : {
          "type" : "array",
          "items" : {
            "type" : "string"
          }
        }
      }
    },
    "Result" : {
      "type" : "object",
      "properties" : {
        "status" : {
          "type" : "boolean",
          "required" : true
        },
        "message" : {
          "type" : "string"
        }
      }
    },
    "Key" : {
      "type" : "object",
      "properties" : {
        "keyId" : {
          "type" : "string"
        },
        "keyDescription" : {
          "type" : "string"
        }
      }
    },
    "Info" : {
      "type" : "object",
      "properties" : {
        "groupId" : {
          "type" : "string",
          "required" : true
        },
        "key" : {
          "type" : "string",
          "required" : true
        },
        "value" : {
          "type" : "string"
        },
        "hideForUI" : {
          "type": "boolean",
          "default": false
        }
      }
    }
  }
}

Custom Operations

| OPERATION | VERB | PATH | RETURNS | DESCRIPTION |
|---|---|---|---|---|
| groups | GET | /groups | Array of Group | The operation returns an array of personal data groups as classified by the application. |
| accountInfo | GET | /accountInfo | GDPRIdentity | The operation receives the APS ID of a personal account and returns the related personal data stored by the application. |
| userInfo | GET | /userInfo | GDPRIdentity | The operation receives the APS ID of a user and returns the related personal data stored by the application. |
| canForgetAccount | GET | /canForgetAccount | Result | The operation confirms whether it can erase personal data of a specified personal account. |
| canForgetUser | GET | /canForgetUser | Result | The operation confirms whether it can erase personal data of a specified user. |
| forgetAccount | POST | /forgetAccount | Result | The operation must erase the requested groups of personal data related to a specified personal account. |
| forgetUser | POST | /forgetUser | Result | The operation must erase the requested groups of personal data related to a specified user. |

groups

HTTP Request

GET /aps/2/resources/{aps-id}/groups

Description

The operation returns an array of personal data groups as classified by the application. Every group is an object containing the group ID (string) and an array of keys. Every key declares a single personal data property that the application can store.

Returns

An array of Group.

accountInfo

HTTP Request

GET /aps/2/resources/{aps-id}/accountInfo?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a personal account as a query string in the URL. It returns this APS ID along with an array of personal data of the requested account. Every element of the array represents a property in the Info format.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account supplied as a query string in the URL. |

Returns

An object in the GDPRIdentity format.

userInfo

HTTP Request

GET /aps/2/resources/{aps-id}/userInfo?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a user as a query string in the URL. It returns this APS ID along with an array of personal data of the requested user. Every element of the array represents a property in the Info format.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user supplied as a query string in the URL. |

Returns

An object in the GDPRIdentity format.

canForgetAccount

HTTP Request

GET /aps/2/resources/{aps-id}/canForgetAccount?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a personal account as a query string in the URL and returns a Result indicating whether the application can erase personal data of the specified account.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account supplied as a query string in the URL. |

Returns

An object in the Result format that informs whether the application is able to erase the personal data.

canForgetUser

HTTP Request

GET /aps/2/resources/{aps-id}/canForgetUser?uuid={uuid}

Description

The operation receives the APS ID (UUID) of a user as a query string in the URL and returns a Result indicating whether the application can erase personal data of the specified user.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user supplied as a query string in the URL. |

Returns

An object in the Result format that informs whether the application is able to erase the personal data.

forgetAccount

HTTP Request

POST /aps/2/resources/{aps-id}/forgetAccount

{
   "uuid": "string",
   "email": "string",
   "groupIds": ["array of group IDs"]
}

Description

For the personal account specified by the uuid and the email properties, the operation must erase all personal data included in those groups whose IDs are specified in the groupIds array.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a personal account |
| email | String | Email address of a personal account |
| groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |

Returns

An object in the Result format that informs whether the operation completed successfully.

forgetUser

HTTP Request

POST /aps/2/resources/{aps-id}/forgetUser

{
   "uuid": "string",
   "email": "string",
   "groupIds": ["array of group IDs"]
}

Description

For the user specified by the uuid and the email properties, the operation must erase all personal data included in those groups whose IDs are specified in the groupIds array.

Parameters

| PARAMETER | TYPE | DESCRIPTION |
|---|---|---|
| uuid | String | APS ID of a user |
| email | String | Email address of a user |
| groupIds | Array of strings | A list of IDs that specify those groups that contain personal data to be erased |

Returns

An object in the Result format that informs whether the operation completed successfully.

Structures

Group

The structure defines a group of properties classified as a part of personal data.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| groupId | String | Not required | Not applicable | Group ID unique in the scope of an APS application. |
| description | String | Not required | “” | Description of the personal data group used in a particular application. |
| keys | Array of Key | Not required | [] | Array of keys that declare properties of the group. |

GDPRIdentity

Defines the response structure for the accountInfo and userInfo operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| uuid | String | Not required | Not applicable | APS ID of the user or account whose personal data is returned. |
| info | Array | Not required | [] | Array of Info objects, each informing about a property classified as a part of personal data. |

GDPRForgetIdentity

Defines the structure of input for the forgetAccount and forgetUser operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| uuid | String | Not required | Not applicable | APS ID of a personal account or user whose personal data must be erased. |
| email | String in the format of email address | Not required | Not applicable | Email address of a personal account or user whose personal data must be erased. |
| groupIds | Array of strings | Not required | [] | List of IDs specifying those groups that contain personal data to be erased. |

Result

Defines the structure of a response returned by some operations.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| status | Boolean | Required | Not applicable | true if the operation was completed successfully. |
| message | String | Not required | “” | Operation details. |

Key

Defines the structure of an element in a Group of personal data.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| keyId | String | Not required | “” | ID used to identify a property inside a Group of personal data. |
| keyDescription | String | Not required | “” | Describes a property of personal data. |

Info

The structure of a single property contained in personal data. It is an element of the GDPRIdentity structure.

| NAME | TYPE | ATTRIBUTES | DEFAULT | DESCRIPTION |
|---|---|---|---|---|
| groupId | String | Required | Not applicable | ID of a Group that contains the property. |
| key | String | Required | Not applicable | A key ID that identifies a Key in the group specified by groupId. |
| value | String | Not required | “” | The value of the property specified by groupId and key. |

Examples

The Personal Data document explains the implementation of GDPR concepts in the platform and the respective API. It also contains sample code for the methods supporting the custom operations of this APS type.
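
The following added example is not code from the APS documentation or SDK. It shows how an application could build a GDPRIdentity for userInfo and validate a GDPRForgetIdentity body before erasing data and answering with a Result. The group IDs, key IDs, stored values, the UUID format check and the uuid/email consistency rule are assumptions of this example.

```python
import re

# Constructed sample data: group IDs, key IDs and values are hypothetical.
GROUPS = [
    {"groupId": "contact", "description": "Contact details",
     "keys": [{"keyId": "email", "keyDescription": "Login email"},
              {"keyId": "phone", "keyDescription": "Phone number"}]},
    {"groupId": "billing", "description": "Billing data",
     "keys": [{"keyId": "vat", "keyDescription": "VAT number"}]},
]
# Hypothetical application store: uuid -> {groupId: {keyId: value}}
STORE = {"6f1c2a9e-0b7d-4c3a-9e55-2d1f0a8b7c64": {
    "contact": {"email": "ann@example.com", "phone": "+10000000000"},
    "billing": {"vat": "XX000000"}}}
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

def result(status, message=""):
    return {"status": status, "message": message}  # Result structure

def user_info(uuid):
    """Build a GDPRIdentity: one Info entry per stored property."""
    info = [{"groupId": g, "key": k, "value": v}
            for g, props in STORE.get(uuid, {}).items() for k, v in props.items()]
    return {"uuid": uuid, "info": info}

def forget_user(identity):
    """Handle a GDPRForgetIdentity body; nothing is erased unless every check passes."""
    uuid, email = identity.get("uuid"), identity.get("email")
    group_ids = identity.get("groupIds", [])
    if not isinstance(uuid, str) or not UUID_RE.match(uuid):
        return result(False, "malformed uuid")
    if not isinstance(group_ids, list) or not all(isinstance(g, str) for g in group_ids):
        return result(False, "groupIds must be an array of strings")
    unknown = sorted(set(group_ids) - {g["groupId"] for g in GROUPS})
    if unknown:
        return result(False, "unknown groupIds: " + ", ".join(unknown))
    record = STORE.get(uuid)
    if record is None:
        return result(False, "no such user")
    # Assumption: while an email is still stored, uuid and email must name the same user.
    stored = record.get("contact", {}).get("email")
    if stored is not None and stored != email:
        return result(False, "uuid and email do not match")
    for g in group_ids:
        record.pop(g, None)  # erase only the requested groups
    return result(True, "erased groups: " + ", ".join(sorted(group_ids)))
```
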