The Docdil Platform offers all the necessary capabilities to build an application that ensures the maximum level of compliance with user privacy and security regulations.
The European General Data Protection Regulation (GDPR) was the first one to go into action in 2019, redefining the entire landscape of how online user data is to be handled. New sets of regulations, like the California Consumer Privacy Act (CCPA), are going live: even if they apply to different regions, the main principles remain the same.
Concept
The Docdil Platform, by itself, cannot ensure GDPR or CCPA compliance, as these regulations are not about certifying a technical solution; they are about ensuring that the management of personally identifiable information (PII) satisfies individual rights requirements, such as the right to access, the right to erasure, portability, etc.
Indeed, the main concerns are the way personal data is used and stored, the ability to respond quickly to Subject Access Requests, the security controls in place to protect personal data integrity and confidentiality, etc.
Managing Data Privacy Requirements with Docdil
Right to Data Portability
Individuals are free to either store the data for personal use or to transmit it to another data controller. The data must be received “in a structured, commonly used and machine-readable format.”
The Docdil Platform offers several features that allow you to export documents natively. The export component should be chosen depending on your requirements.
| Export Components | Implementation | Needs Configuration | Adapted for Folder Structure Export | Document Type and Property Value Export |
|---|---|---|---|---|
| ZIP XML Export | Native | No | Yes | No |
| Template Rendering | Addon | Yes | Yes | Yes |
| PDF Concatenation | Studio feature | Yes | No | No |
| Docdil Drive | Addon | No | Yes | No |
| Docdil FS Exporter | Addon | No | Yes | No |
Right of Access
Individuals should obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
Thanks to the Docdil Audit Service and the Docdil Query Language (or NXQL), it is possible to identify:
- All the actions (download, search, edit, etc.) that were executed on a document
- The exact date of an action
- The version of the document in which an action was executed
The audit entries can be read from a document's context or from the Docdil Web UI Administration menu. New events can be created from Docdil Studio and are then tracked in the platform.
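The audit entries described above are what a Subject Access Request report is built from, and the "structured, commonly used and machine-readable format" required for data portability is what it must be delivered in. The following is an added example, not Docdil code: it takes audit entries, filters them by principal or document, and emits a JSON report listing each action with its exact date and the document version involved. The entry layout (eventId, eventDate, docUUID, principalName, docVersion) is an assumption, and the sample entries are constructed, not exported from a real audit service.

```python
"""Build a Subject Access Request (SAR) report from audit log entries.

Added example; not Docdil code. The entry layout (eventId, eventDate,
docUUID, principalName, docVersion) is an assumption, and the entries
below are constructed, not exported from a real audit service.
"""
import json
from datetime import datetime, timezone

# Constructed sample audit entries; field names are assumptions.
SAMPLE_AUDIT_ENTRIES = [
    {"eventId": "documentCreated", "eventDate": "2023-03-01T09:15:00Z",
     "docUUID": "doc-1", "principalName": "jdoe", "docVersion": "0.0"},
    {"eventId": "documentModified", "eventDate": "2023-03-02T14:30:00Z",
     "docUUID": "doc-1", "principalName": "jdoe", "docVersion": "0.1"},
    {"eventId": "search", "eventDate": "2023-03-04T10:00:00Z",
     "docUUID": None, "principalName": "jdoe", "docVersion": None},
    {"eventId": "download", "eventDate": "2023-03-05T08:00:00Z",
     "docUUID": "doc-1", "principalName": "asmith", "docVersion": "0.1"},
]


def parse_event_date(value):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def filter_entries(entries, principal=None, doc_uuid=None):
    """Keep only the entries matching the given principal and/or document."""
    kept = []
    for entry in entries:
        if principal is not None and entry.get("principalName") != principal:
            continue
        if doc_uuid is not None and entry.get("docUUID") != doc_uuid:
            continue
        kept.append(entry)
    return kept


def sar_report(entries, principal):
    """Return what a data subject is entitled to see: every action recorded
    in their name, with its exact date and the document version involved,
    in chronological order."""
    actions = [
        {
            "action": entry["eventId"],
            "date": parse_event_date(entry["eventDate"]).isoformat(),
            "document": entry.get("docUUID"),
            "version": entry.get("docVersion"),
        }
        for entry in filter_entries(entries, principal=principal)
    ]
    # All dates are normalised to UTC ISO-8601, so string order is time order.
    actions.sort(key=lambda action: action["date"])
    return {"subject": principal, "actions": actions}


def export_report(report):
    """Serialise the report in a structured, machine-readable form (JSON)."""
    return json.dumps(report, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(export_report(sar_report(SAMPLE_AUDIT_ENTRIES, "jdoe")))
```

The report deliberately contains only what the audit log records; the same `filter_entries` call with `doc_uuid` instead of `principal` answers the other question the page mentions, namely everything that happened to one document.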
Right to Rectification
Individuals should have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her.
Docdil allows you to bulk edit any document property, either by building a custom form and operation with Docdil Studio, or by creating a custom component based on Docdil Stream for large volumes.
Right to Erasure / Right to be Forgotten
Individuals should have the right to obtain the erasure of personal data concerning him or her without undue delay, and the controller should have the obligation to erase personal data without undue delay.
With the proper permissions, it is possible to delete a single document or several documents (from a folder view or a query). The deletion can also be triggered from any other Docdil interface, such as the REST API, CMIS or any Docdil SDK client.
As described in the Trash Service page, documents are first moved to the trash before being permanently deleted. The Docdil Platform removes the personal information references from the binary storage as well as from within the database.
Right to Object
Individuals should have the right to object at any time to the processing of personal data concerning him or her, including profiling based on those provisions.
You can create specific document properties to identify whether a document being used for a particular processing activity follows the best practice for this type of workflow. In addition to triggering automatic processes with listeners and scheduled jobs, you can use custom security policies to instantly restrict a specific user or group from accessing a document.
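The combination just described, a document property recording the objection plus a security policy that acts on it, can be sketched as follows. This is an added example, not Docdil's security policy API: the property names `privacy:subject` and `privacy:objectedPurposes`, the mapping from processing purposes to groups, and the `DENY`/`UNKNOWN` outcomes are all assumptions made for illustration. The policy vetoes access for anyone acting on behalf of a purpose the subject objected to, leaves everyone else to the ordinary ACL, and never removes the subject's own access.

```python
"""Right-to-object enforcement as a custom security policy.

Added example; not Docdil code. The property names, the purpose-to-group
mapping and the DENY/UNKNOWN outcomes are assumptions for illustration.
"""
from dataclasses import dataclass, field

DENY = "DENY"        # the policy vetoes the access, whatever the ACL says
UNKNOWN = "UNKNOWN"  # the policy has no opinion; the normal ACL decides

# Hypothetical mapping: which groups carry out which processing activity.
PURPOSE_GROUPS = {
    "marketing": {"marketing-team"},
    "analytics": {"analytics-team"},
}


@dataclass
class Principal:
    name: str
    groups: frozenset = frozenset()


@dataclass
class Document:
    uid: str
    # Hypothetical properties: the data subject and the purposes they object to.
    properties: dict = field(default_factory=dict)


def objection_policy(doc, principal, permission):
    """Deny any permission to a principal acting for a processing purpose the
    data subject has objected to. The subject keeps their own access (right
    of access); every other case is left to the ACL."""
    if principal.name == doc.properties.get("privacy:subject"):
        return UNKNOWN
    for purpose in doc.properties.get("privacy:objectedPurposes", []):
        if principal.groups & PURPOSE_GROUPS.get(purpose, set()):
            return DENY
    return UNKNOWN


def check_access(doc, principal, permission, acl):
    """Combine the policy with a simple ACL (principal or group -> permissions):
    a policy DENY always wins; otherwise access needs an ACL grant."""
    if objection_policy(doc, principal, permission) == DENY:
        return False
    granted = set()
    for who in [principal.name, *principal.groups]:
        granted |= set(acl.get(who, ()))
    return permission in granted


# Constructed sample data: jdoe objected to marketing use of doc-42.
CONSTRUCTED_DOC = Document(
    "doc-42",
    {"privacy:subject": "jdoe", "privacy:objectedPurposes": ["marketing"]},
)
CONSTRUCTED_ACL = {
    "marketing-team": ("Read",),
    "analytics-team": ("Read",),
    "jdoe": ("Read", "ReadWrite"),
}

if __name__ == "__main__":
    marketer = Principal("mkt1", frozenset({"marketing-team"}))
    print("marketing Read:", check_access(CONSTRUCTED_DOC, marketer, "Read", CONSTRUCTED_ACL))
```

Because the policy is evaluated before the ACL, the restriction takes effect the moment the property is set, without touching the ACLs already on the document, which is the "instant" behaviour the text refers to.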
Privacy by Design
The term "Privacy by Design" refers to data protection through technology design; in other words, privacy by design principles are applied to applications, services and products when designing, developing, and testing them.
Privacy by design concepts, applied to a Docdil-based application, require an understanding of the capabilities offered by the Docdil Platform. The following sections are particularly interesting to read:
- Best practices and recommendations on Docdil Security.
- Docdil data model: in particular, document types and schemas concepts.
- How the Docdil repository security is built
Cookie Management
Docdil JSF UI uses a set of cookies which are used exclusively to manage authentication and redirections:
- JSESSIONID: Session ID for the web application to maintain the authentication alive
- org.jboss.seam.core.TimeZone
- org.jboss.seam.core.Locale
- docdil.start.url.fragment
Docdil Web UI uses a subset of the JSF UI set of cookies.
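Since the cookies listed above carry authentication state, a deployment review normally checks that they are issued with the Secure, HttpOnly and SameSite attributes. The following is an added check, not part of the Docdil documentation or product: it parses `Set-Cookie` response headers and reports which of the listed cookies lack one of those attributes. The headers it runs over are constructed for illustration and do not describe any real deployment.

```python
"""Report authentication cookies issued without protective attributes.

Added example; not Docdil code. The Set-Cookie headers below are
constructed for illustration and do not describe a real deployment.
"""

# Cookie names listed on the page as authentication/redirection cookies.
AUTH_COOKIES = {
    "JSESSIONID",
    "org.jboss.seam.core.TimeZone",
    "org.jboss.seam.core.Locale",
    "docdil.start.url.fragment",
}

# Constructed sample response headers (not captured from a real server).
SAMPLE_SET_COOKIE_HEADERS = [
    "JSESSIONID=abc123; Path=/docdil; HttpOnly",
    "org.jboss.seam.core.Locale=en; Path=/docdil; Secure; HttpOnly; SameSite=Lax",
    "docdil.start.url.fragment=ui; Path=/docdil; Secure; HttpOnly; SameSite=Lax",
    "analytics_pref=1; Path=/; Secure",
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attributes); attribute
    names are lower-cased and valueless attributes map to None."""
    parts = [part.strip() for part in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or None
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (name, findings) where findings lists the missing protections."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    return name, findings


def audit_auth_cookies(headers):
    """Findings for the listed authentication cookies only; other cookies
    (such as preference cookies) are ignored."""
    report = {}
    for header in headers:
        name, findings = audit_cookie(header)
        if name in AUTH_COOKIES and findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_auth_cookies(SAMPLE_SET_COOKIE_HEADERS).items():
        print(name, ", ".join(findings))
```

In practice the headers come from the login response of the deployment under review; the check is only meaningful over HTTPS, since the Secure attribute is what prevents the session cookie from being sent in clear.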