Most will have heard of the GDPR by now, if only from the many privacy policy emails which flooded inboxes in the lead-up to the law taking effect on 25th May 2018. For those who have managed to escape the details, GDPR stands for General Data Protection Regulation, an EU regulation which is essentially a more aggressive and citizen-friendly version of the 1995 Data Protection Directive, updated for the age of social media. It's all about giving ownership and control of personal data back to the individual, and as a user I think it's great. As a Django developer though, it does throw up some challenges.
This is where Django-GDPR-assist aims to help. It works by looking for a PrivacyMeta object defined on your model, which you can use to describe which fields contain PII, and to control how anonymisation and exports should work on your model's fields.
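    from django.conf import settings
    from django.db import models

    import gdpr_assist


    class MyModel(models.Model):
        # Wrap SET_NULL so that deleting the user also anonymises this row
        user = models.ForeignKey(
            settings.AUTH_USER_MODEL,
            blank=True,
            null=True,
            on_delete=gdpr_assist.ANONYMISE(models.SET_NULL),
        )
        display_name = models.CharField(max_length=255)
        public_data = models.TextField()

        class PrivacyMeta:
            # Fields on this model that contain PII
            fields = ['display_name']

            # Custom anonymiser for the display_name field
            def anonymise_display_name(self, instance):
                return 'Anonymous user'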
The GDPR also discourages having unnecessary copies of data, which can present an issue during development; we find it useful to sometimes run tests against copies of a production database. In these situations, to avoid potentially holding unnecessary copies of PII data, we can use the management command manage.py anonymise_db to scrub all PII.
If you'd like to find out more or try it out, the source code is available on GitHub.



