A user requests data via a form or button. An example block, that can be put on the Edit Profile page for example, is included in this package:
The form or button fires an event: on_gdpr_data_transfer_request.
The request is automatically stored in the database when the event is fired.
An automated job can be installed via the Settings page. The job processes Data Transfer requests and creates downloads by firing the on_gdpr_process_data_transfer_request event.
It will create a ZIP file with a unique file name in /files/data_transfers that consists of JSON data and file data.
The user receives an email with link (+hash) to download the archive within x-days (configurable). This email can be customized / overridden:
If the user tries to download an expired or invalid archive, a 404-page is shown.
The user can extract the ZIP file, it could look like this:
Customization
A process data request can be created the on_gdpr_data_transfer_request event. For example like this:
The automated job fires an 'on_gdpr_process_data_transfer_request' event. By doing so, all custom code, including other packages can submit data to the data transfer object.
The mail template can be overridden by copying it to the /application/mail folder.
Notes
The files are first copied to a temp folder in order to make the ZIP. Make sure you have enough disk space.
If you deal with many files, you may want to increase the max execution time for PHP. By default the (queuable) job will process one request per time.
If a user is deleted, associated data transfer requests and files are deleted from the database.
Associated Data Transfer Files are removed from the file system is the user is deleted.
Roadmap
Delete expired data transfers.
Allow an admin to approve the data transfer before they are made.