GDPR Tool

This section explains on how to securely deleting user data from the system.

The GDPR Tool is a command-line utility designed to help organizations comply with the General Data Protection Regulation (GDPR) by securely deleting user data from data sources: MariaDB, Pinpoint and FastPast. The tool supports deletion of data for a single user ID or multiple IDs provided via a CSV file. It ensures that user data is permanently removed from these systems, as required by GDPR regulations.

Pre-requisites

Make sure the following things are in place, before you proceed:

  • Python 3.x must be installed on the system.
  • Access to the drive.json configuration file.
  • Access to the data sources, MariaDB, Pinpoint, and FastPast, from where the user data to be deleted.
  • User ID or list of User ID in a file.

Syntax

Single ID Deletion:

./gdpr_tool.py -i <user_id> -u <instance_uri>

Sample screenshot is provided below for single ID deletion.

Multiple IDs Deletion:

./gdpr_tool.py -f <file_path> -u <instance_uri>

Sample screenshot is provided below for multiple ID deletion.

  • gdpr_tool.py: python file of the GDPR tool.
  • -i: use this argument to delete a single ID.
  • -f: use this argument to multiple IDs stored in the csv file.
  • <user_id>: replace this with the user ID to be deleted.
  • <file_path>: include the file path of the user ID list. Currently, supported file formats like ".txt", ".csv", ".doc" and so on.
  • -u: to specify the instance URI for the operation.
  • <instance_uri>: include the instance URI for deletion.

Data Deletion Risks and Assumptions

When using the data deletion tool, it's important to understand the associated risks and the assumptions that must be met to ensure proper operation.

Risks:

  • Incorrect Deletion: If invalid user ID is provided, the tool may either fail to delete the intended data or delete data associated with the wrong users.
  • System Errors: Failures in dependent data sources such as MariaDB, Pinpoint, or FastPast can interrupt or prevent the deletion process.
  • Misconfiguration: A missing or incorrectly configured drive.json file can cause the deletion tool to fail entirely or behave unpredictably.

Assumptions:

The tool operates correctly under the following conditions:

  • The user IDs must be accurate and the users are authorized for data deletion.
  • All required data sources like MariaDB, Pinpoint and FastPast, are available and functioning during the deletion process.
  • The drive.json configuration file is correctly set up with the required keys and credentials.