| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| gdpr.xml | 2018-10-16 | 10.5 kB | |
| gdpr.php | 2018-10-16 | 8.1 kB | |
| README.txt | 2018-10-15 | 3.6 kB | |
| license.txt | 2018-10-15 | 35.1 kB | |
| config.dtd | 2018-10-15 | 1.2 kB | |
| gdpr.dtd | 2018-10-15 | 413 Bytes | |
| gdpr.xsl | 2018-10-15 | 356 Bytes | |
| config_site1.xml | 2018-10-15 | 4.4 kB | |
| Totals: 8 Items | 63.8 kB | 1 |
************************************************************************
Purpose: Provide central privacy statement tool for multiple websites
License: GPLv3 - see license.txt
Language: PHP, XML, XSLT
Author: Tobias Eggendorfer
************************************************************************
************************************************************************
* Overview
************************************************************************
Many organisations run multiple websites, each of which requires a
privacy statement under GDPR. Maintaining and updating them accross
these sites is a nightmare for administrators. To ease the process
this tool has been written.
It could be run on a central server, such as gdpr.example.com, gets
passed a parameter indicating which web site's privacy statement should
be displayed and then generates it from a central element repository.
************************************************************************
************************************************************************
* Files
************************************************************************
- gdpr.php - PHP script providing the functionality
- gdpr.xml - XML file providing privacy statement bits and pieces in
several languages if needed. Note that the German text
version provided comes with no warrantie whatsoever. It
is meant as an example.
Other language versions are even less complete and
might therefore not even be useful as an example.
- gdpr.dtd - DTD for gdpr.xml
- gdpr.xsl - main style sheet to beautify the output
- config.dtd - DTD for config-files
- config*.xml - XML-config files, one per site. A sample
config_site1.xml is provided.
- license.txt - license (GPLv3)
- README - This readme file.
************************************************************************
************************************************************************
* Installation
************************************************************************
In very broad terms: gdpr.php should be accessible by the web server.
The script needs to be able to read the XML files, which could reside in
a directory outside the document root. The directory is configured
within gdpr.php ($default_path).
Most might want to set up a special webserver, serving a domain such as
gdpr.example.com. There, the suggested directory structure is:
gdpr/
+-www/
| +- gdpr.php
+ data/
+- gdpr.xml
+- gdpr.dtd
+- gdpr.xsl
+- config.dtd
+- config_site1.xml
The webserver's document root is at gdpr/www. That way all config files
cannot be read over the internet.
$default_path should then be set to "../data/".
If wanted, gdpr.php could be renamed to index.php and the webserver's
DirectoryIndex being set to run index.php. That would shorten the URL.
For each site to be provided, an entry in gdpr.php needs to be made to
match the site to its config-file. Note that user input is not used to
construct the filename. This is a security measure.
To run the script, call:
http://gdpr.example.com/gdpr.php?lang=en&site=site1
Or, if it was renamed to index.php:
http://gdpr.example.com/?lang=en&site=site1
************************************************************************
************************************************************************
* Configuration
************************************************************************
Please see the XML files for documentation, which should be self
explanatory. They provide plenty of comments.