Download the PHP package foothing/laravel-gdpr-consent without Composer
On this page you can find all versions of the php package foothing/laravel-gdpr-consent. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download foothing/laravel-gdpr-consent
More information about foothing/laravel-gdpr-consent
Files in foothing/laravel-gdpr-consent
Package laravel-gdpr-consent
Short Description Light-weight package for gdpr consent records.
License MIT
Informations about the package laravel-gdpr-consent
Laravel GDPR Consent
Light-weight Laravel 5 package for user's consents and data processing records.
Install
Via composer
composer require foothing/laravel-gdpr-consent
Add service provider in config/app.php
Add alias in config/app.php
if you want to use the facade
Publish config and migrations
php artisan vendor:publish --tag=config
php artisan vendor:publish --tag=migrations
Configure as needed, then run the migration
php artisan migrate
Setup the treatments table
php artisan consent
Quick start
First you need to configure which treatments
are required by your site.
You can do so in config/consent.php
, like the following example:
Once you are done with the configuration you can run php artisan consent:setup
to update your treatments database.
Then make your User
model implement the
ConsentSubject
Contract and use the HasConsents
trait.
Now you will be able to use the package API to register user's consent and data processing events like in the following example.
Display consent checkboxes in register page
Note that your
checkbox
name must matchconsent_TREATMENTID
Validate checkboxes in your controller
Register the consent
Show consent in a user's settings page
Note that for the update handler the checkbox name should be the treatment id.
Save user's consent changes
Note that those are just examples to show the Consent API, though i wouldn't recommend using the facade inside the views and you can replicate the same feature manipulating data in a controller, before the view is being rendered.
Log the "right to erasure"
In your delete user
controller or service:
Events
It's not completely clear yet how anyone will approach logs or data processing records, which should anyway be stored and maintained. In order to provide a better flexibility an API for events has been added aswell.
The events API is implicitly used within the only hardcoded actions (grant, revoke, erasure) but you can use it how you like to track meaningful data processing records.
"Pseudonymization" in event records
Since each event record stores subject's ip and the request payload, those fields are encrypted with a 2-way algorithm.
Keep in mind that Laravel uses the config/app.php
key to encrypt and decrypt, so if you change
that your data won't be decryptable anymore.
Project status
This package is under active development and needs work, but it got to the point where i had the features i need at the moment.
What is needed yet
- api refactor
- test coverage to 100%
- test with every 5.x minor release
- travis integration
- style fixes
so feel free to drop a line if you'd like to contribute.
License
MIT
All versions of laravel-gdpr-consent with dependencies
illuminate/database Version ~5.0
foothing/laravel-repository Version ^0.9.0
webpatser/laravel-uuid Version ^3.0