feat : GDPR personal data anonymization

2024-04-29 13:04:01 +02:00 · 2024-04-29 13:04:01 +02:00 · 109c499a25
parent 601a346634
commit 109c499a25
9 changed files with 84 additions and 0 deletions
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/domain/job/DataAnonymizationJob.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/domain/job/DataAnonymizationJob.java
@ -0,0 +1,42 @@
+package org.jeecg.modules.business.domain.job;
+
+import lombok.extern.slf4j.Slf4j;
+import org.jeecg.modules.business.service.IClientService;
+import org.jeecg.modules.business.service.IPlatformOrderService;
+import org.quartz.Job;
+import org.quartz.JobExecutionContext;
+import org.quartz.JobExecutionException;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Data Anonymization job, following EU GDPR guidelines.
+ * This job is responsible for anonymizing personal data in the database.
+ * It is scheduled to run every day at XX.
+ * The job will anonymize personal data in the database, such as names, addresses, and phone numbers.
+ * It will replace the personal data with UUIDs to ensure that the data is no longer identifiable.
+ * Personal data will be anonymized after 3 years of inactivity for our direct clients.
+ * And 2 years after creation for our indirect clients.
+ * ---
+ * Job frequency : 1 month
+ */
+
+@Slf4j
+public class DataAnonymizationJob implements Job {
+    @Autowired
+    private IPlatformOrderService platformOrderService;
+    @Autowired
+    private IClientService clientService;
+
+    private final static int DIRECT_CLIENT_ANONYMIZATION_PERIOD = 3;
+    private final static int INDIRECT_CLIENT_ANONYMIZATION_PERIOD = 2;
+
+    @Override
+    public void execute(JobExecutionContext context) throws JobExecutionException {
+        log.info("Data Anonymization job is running...");
+        log.info("Anonymizing personal data for indirect clients...");
+        platformOrderService.anonymizePersonalData(INDIRECT_CLIENT_ANONYMIZATION_PERIOD);
+        log.info("Anonymizing personal data for direct clients...");
+        clientService.anonymizePersonalData(DIRECT_CLIENT_ANONYMIZATION_PERIOD);
+        log.info("Data Anonymization job completed.");
+    }
+}
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/ClientMapper.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/ClientMapper.java
@ -31,4 +31,6 @@ public interface ClientMapper extends BaseMapper<Client> {
    Client getClientBySku(@Param("skuId") String skuId);

    Client getClientFromInvoice(@Param("invoiceNumber") String invoiceNumber);
+
+    void anonymizePersonalData(@Param("period") int directClientAnonymizationPeriod);
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/PlatformOrderMapper.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/PlatformOrderMapper.java
@ -219,4 +219,6 @@ public interface PlatformOrderMapper extends BaseMapper<PlatformOrder> {
    OrderKpi countPlatformOrders(@Param("start") LocalDateTime start, @Param("end") LocalDateTime end, @Param("showAllData") boolean showAllData, @Param("username") String username);

    Map<String, String> fetchShippingPeriodAndType(@Param("invoiceNumber") String invoiceNumber);
+
+    void anonymizePersonalData(@Param("period") int indirectClientAnonymizationPeriod);
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/xml/ClientMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/xml/ClientMapper.xml
@ -72,4 +72,22 @@
        WHERE po.shipping_invoice_number = #{invoiceNumber} OR po.purchase_invoice_number = #{invoiceNumber};

    </select>
+    <update id="anonymizePersonalData">
+        UPDATE client
+        SET first_name = UUID_SHORT(),
+            surname = UUID_SHORT(),
+            email = CONCAT(UUID(), '@example.com'),
+            phone = NULL,
+            street_number = 0,
+            street_name = UUID_SHORT(),
+            additional_address = NULL,
+            city = UUID_SHORT(),
+            postcode = NULL,
+            company_id_value = UUID_SHORT(),
+            invoice_entity = UUID_SHORT(),
+            ioss_number = NULL,
+            internal_code = CONCAT(internal_code, UUID_SHORT())
+        WHERE active = 0
+        AND IF (update_time IS NOT NULL, update_time, create_time) &lt; DATE_SUB(NOW(), INTERVAL #{period} YEAR);
+    </update>
 </mapper>
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/xml/PlatformOrderMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/mapper/xml/PlatformOrderMapper.xml
@ -879,4 +879,10 @@
        JOIN shipping_invoice s ON po.shipping_invoice_number = s.invoice_number
        WHERE shipping_invoice_number = #{invoiceNumber};
    </select>
+
+    <update id="anonymizePersonalData">
+        UPDATE platform_order_delete
+        SET recipient = UUID()
+        WHERE create_time &lt; DATE_SUB(NOW(), INTERVAL #{period} YEAR);
+    </update>
 </mapper>
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/IClientService.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/IClientService.java
@ -58,4 +58,6 @@ public interface IClientService extends IService<Client> {
    Client getClientBySku(String skuId);

    Client getClientFromInvoice(String invoiceNumber);
+
+    void anonymizePersonalData(int directClientAnonymizationPeriod);
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/IPlatformOrderService.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/IPlatformOrderService.java
@ -243,4 +243,6 @@ public interface IPlatformOrderService extends IService<PlatformOrder> {

    Map<String, String> fetchShippingPeriodAndType(String invoiceNumber);

+
+    void anonymizePersonalData(int indirectClientAnonymizationPeriod);
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/impl/ClientServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/impl/ClientServiceImpl.java
@ -161,4 +161,9 @@ public class ClientServiceImpl extends ServiceImpl<ClientMapper, Client> impleme
    public String getClientIdByCode(String code) {
        return clientMapper.getClientIdByCode(code);
    }
+
+    @Override
+    public void anonymizePersonalData(int directClientAnonymizationPeriod) {
+        clientMapper.anonymizePersonalData(directClientAnonymizationPeriod);
+    }
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/impl/PlatformOrderServiceImpl.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/business/service/impl/PlatformOrderServiceImpl.java
@ -491,4 +491,9 @@ public class PlatformOrderServiceImpl extends ServiceImpl<PlatformOrderMapper, P
    public Map<String, String> fetchShippingPeriodAndType(String invoiceNumber) {
        return platformOrderMap.fetchShippingPeriodAndType(invoiceNumber);
    }
+
+    @Override
+    public void anonymizePersonalData(int indirectClientAnonymizationPeriod) {
+        platformOrderMap.anonymizePersonalData(indirectClientAnonymizationPeriod);
+    }
 }