Personal data destruction plugin implementation classes
In the base configuration of PolicyCenter, the PCPersonalDataDestructionPlugin class is registered as the class that implements both the PersonalDataDestruction plugin interface and the PersonalDataDestructionforPCRoots plugin interface. This class provides default handling for destruction of pinnable root entities in the base configuration.
SamplePersonalDataDestructionPlugin is the class you can use as an example when you implement your own personal data destruction class to define both getDestroyer and how specific pinnable roots are handled. You must then register your implementation class with both plugin registries, PersonalDataDestruction.gwp and PersonalDataDestructionforPCRoots.gwp.
These two classes define methods that control destruction of pinnable root entities by returning one of the following values defined in the enum PersonalDataDisposition:
MUST_NOT_DESTROY - The object must not be destroyed. If this value is in conflict with a MUST_DESTROY value in the domain graph, the Data Protection Officer must get involved.
MUST_DESTROY - The object must be destroyed.
MAY_DESTROY - The object can be destroyed.
PCPersonalDataDestructionPlugin
In the base configuration, PCPersonalDataDestructionPlugin calls getDestroyer to obtain the destroyer defined in PCPersonalDataDestroyer. Additionally, this class prevents data destruction by returning MUST_NOT_DESTROY for all calls to destroy pinnable root entities. For example:
override function shouldDestroyPolicyTerm(
    policyTerm: PolicyTerm, descendants: Collection<DestructionRootPinnable>,
    origin: DestructionRootPinnable): PersonalDataDisposition {
  return MUST_NOT_DESTROY
}

override function shouldDestroyPolicy(
    policy: Policy, descendants: Collection<DestructionRootPinnable>,
    origin: DestructionRootPinnable): PersonalDataDisposition {
  return MUST_NOT_DESTROY
}

override function shouldDestroyAccount(
    account: Account, descendants: Collection<DestructionRootPinnable>,
    origin: DestructionRootPinnable): PersonalDataDisposition {
  return MUST_NOT_DESTROY
}

override function shouldDestroyContact(
    contact: Contact, descendants: Collection<DestructionRootPinnable>,
    origin: DestructionRootPinnable): PersonalDataDisposition {
  return MUST_NOT_DESTROY
}
SamplePersonalDataDestructionPlugin
You can use the class SamplePersonalDataDestructionPlugin as a guide for writing your own personal data destruction code.
SamplePersonalDataDestructionPlugin has examples that use return values other than MUST_NOT_DESTROY for the pinnable root entities. For example:
The method shouldDestroyUser determines if there is a User object associated with the UserContact object. If not, it returns MUST_DESTROY. If the database query indicates that the user's credential is active, the method returns MUST_NOT_DESTROY. Otherwise, the credential is not active and destroying the UserContact is permitted, so the method returns MAY_DESTROY.
The method shouldDestroyPolicy checks:
- If the policy is retired. If so, the method returns MUST_DESTROY.
- A number of scenarios that would prevent the policy from being destroyed, and returns MUST_NOT_DESTROY if any of them are true, such as:
  - Any open activities
  - Any policy terms marked MUST_NOT_DESTROY
  - Any pinnable dependents marked MUST_NOT_DESTROY
- If any pinnable dependents are marked MUST_DESTROY. If so, the method returns MUST_DESTROY.
- Returns a default value of MAY_DESTROY if the previous checks show that nothing is marked MUST_NOT_DESTROY or MUST_DESTROY.
There are additional overridden methods for shouldDestroyPolicyTerm, shouldDestroyAccount, and shouldDestroyContact that you can review to see how these pinnable root entities might be handled.
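The check order described above for shouldDestroyPolicy can be modeled outside PolicyCenter to test retention rules before they are written in Gosu. The following Python model is an added example, not Guidewire code and not taken from SamplePersonalDataDestructionPlugin. The PolicyFacts fields and the needs_dpo_review helper are assumptions: the helper is one reading of the statement that a MUST_NOT_DESTROY value in conflict with a MUST_DESTROY value requires the Data Protection Officer.

```python
from dataclasses import dataclass, field
from enum import Enum


class Disposition(Enum):
    # Mirrors the three PersonalDataDisposition values named on this page.
    MUST_NOT_DESTROY = "MUST_NOT_DESTROY"
    MUST_DESTROY = "MUST_DESTROY"
    MAY_DESTROY = "MAY_DESTROY"


@dataclass
class PolicyFacts:
    # Hypothetical inputs. A real plugin derives these from the Policy entity
    # and its descendants; these field names are not Guidewire properties.
    retired: bool = False
    open_activities: int = 0
    term_dispositions: list = field(default_factory=list)
    dependent_dispositions: list = field(default_factory=list)


def policy_disposition(facts):
    """Apply the four checks in the order the page lists them."""
    marks = facts.term_dispositions + facts.dependent_dispositions
    if facts.retired:
        return Disposition.MUST_DESTROY
    if facts.open_activities > 0 or Disposition.MUST_NOT_DESTROY in marks:
        return Disposition.MUST_NOT_DESTROY
    if Disposition.MUST_DESTROY in facts.dependent_dispositions:
        return Disposition.MUST_DESTROY
    return Disposition.MAY_DESTROY


def needs_dpo_review(facts):
    """Assumed rule: flag the policy when both MUST_NOT_DESTROY and
    MUST_DESTROY occur among its own result and its marked descendants."""
    values = set(facts.term_dispositions + facts.dependent_dispositions)
    values.add(policy_disposition(facts))
    return (Disposition.MUST_NOT_DESTROY in values
            and Disposition.MUST_DESTROY in values)
```

Because the retired check runs first, a retired policy returns MUST_DESTROY even when a dependent is marked MUST_NOT_DESTROY, which is the kind of conflict the helper surfaces.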
