ace-gdpr

Get GDPR updates for your Atlas-Connect-Express application

This package will assist you in complying with Atlassian's GDPR requirements described here.

Installation

Using npm:

$ npm install --save ace-gdpr

Pre-requisites

• A postgres database.
• atlas-connect-express' AddonSettings table
• This package assumes you're following jira's recommendation for user data storage and persisting it in a single table.
• The table must have a string column that stores the user account id, a string column that stores the client key for that user, and a date column with when that user's data was last updated.

Usage

ace-gdpr uses node-postgres to read user data from your database, and to create/update an internal table named ace_gdpr_settings. It assumes the following environment variables to be available with the database connection information:

PGUSER='database username'
PGPASSWORD='database user password'
PGHOST='database host'
PGPORT='databse port'
PGDATABASE='database name'

In your atlas-connect-express application

const getUpdates = require('ace-gdpr').default;

// map your users table name and column names to the config object
const config = {
  databaseConfig: {
    users: {
      tableName: 'users',
      columns: {
        updatedAt: 'updated_at',
        userAccountId: 'user_account_id',
        clientKey: 'client_key'
      }
    }
  },
  forceExecution: false // * see note below
};

getUpdates(config)
  .then(({ updated, closed }) => {
    // use jira api to fetch fresh user data and update the user record. Remember to update the `updatedAt` column for every record
    updated.forEach(accountId => updateUserData(accountId));
    // get rid of this user's personal data wherever you're storing it
    closed.forEach(accountId => removePersistedUserData(accountId));
  })
  .catch((error) => {
    // handle error
  });

We recommended running getUpdates once a day under a scheduler. The plugin keeps track of when you last executed successfully in ace_gdpr_settings and will only run again one day before the next update cycle recommended by Jira. Set forceExecution to true if you want the plugin to ignore the last update and cycle settings in ace_gdpr_settings and run the whole thing when called.

To do

• Create contributing documentation
• Create examples using Kue and node-schedule

License

MIT