GDPR/CCPA customer data request plugin

[donrestarone]

This plugin will ingest user provides emails to send them the information they submitted information to the system.

Namespace

config:

name: compliance/customer/request

properties:

name: Sally Anne slug: compliance__customer_request email: email_address compliance_message_sent: boolean

exclude_api_namespaces: array of slug's of namespaces to exclude from lookup scan_all_namespaces: boolean -- not required if exclude_api_namespaces is provided, but if exclude_api_namespaces is not provided the plugin will not work unless you acknowledge that lookup is allowed on all API namespaces by setting scan_all_namespaces: true message: 'This is your data request, please see it below'

Algorithm

When the plugin runs on a 1 minute cron schedule:

1. find all api_resources compliance_message_sent: false
2. for each api_resource look up all the namespaces allowed for look up based on exclude_api_namespaces / scan_all_namespaces-- list the api_resources that have the same property email and put them into its own CSV (by namespace)

Parameters

Email message should be sent via the email system by creating a thread named: "#{email} compliance: customer submitted data request" and inserting the message there.

The email message should contain the message defined in the message parameter along with a CSV for each of the API Namespaces that they have submitted data to (each API Namespace CSV will contain the resources that the user has submitted).

[donrestarone]

research

See the seeds file on how to programmatically send emails and things like that from the External API Connection.

See here for an example of a test for a Violet Rails plugin

library of plugins: https://github.com/restarone/violet_rails/blob/master/test/fixtures/external_api_clients.yml