
GDPR in your Rails app

GDPR is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. As the creator or owner of a web application, it’s your responsibility to be careful with your users’ data. By default, you should strive to collect as little data about your users as possible. Sjabloon helps you with a few of these things.

Filter parameter logging

Rails’ built-in Filter Parameter Logging replaces sensitive parameter data in the request log. Sjabloon adds a few common parameters for you (only in production).

Ask and track user consent (only when adding authentication)

When a visitor creates an account on your app, they are prompted to give their consent for each policy (e.g. privacy policy, terms of service, etc.) you add. This consent is then set for this user (in a Consent model). Whenever you make changes to any of these policies, you need to ask for your users’ consent again. With Sjabloon you can create and update different policies with ease, and when your users visit your site, they are prompted to read and accept your new policies. Sjabloon also comes with a helper that checks if consent is given (which you can check against in your app, e.g. in a controller, helper, service object, etc.). The modal that’s shown to the user is easily customisable.
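A minimal sketch of the consent flow described above, as an added example rather than Sjabloon's own code. The `ConsentLedger` class and its method names are hypothetical, and it assumes each policy carries a version number so that a changed policy invalidates earlier acceptances while the record of them is kept.

```ruby
# Hypothetical names throughout; this is not Sjabloon's Consent model.
Policy  = Struct.new(:key, :version, :published_at)
Consent = Struct.new(:user_id, :policy_key, :policy_version, :given_at)

class ConsentLedger
  def initialize
    @policies = {}  # key => current Policy
    @consents = []  # append-only: every past acceptance stays as evidence
  end

  # Publishing a changed policy bumps its version. Earlier acceptances
  # no longer match the current version, but they are not deleted.
  def publish(key, at: Time.now.utc)
    version = (@policies[key]&.version || 0) + 1
    @policies[key] = Policy.new(key, version, at)
  end

  # Record that the user accepted the version that is current right now.
  def accept(user_id, key, at: Time.now.utc)
    policy = @policies.fetch(key) # raises KeyError for an unknown policy
    @consents << Consent.new(user_id, key, policy.version, at)
  end

  # Keys of the policies the user still has to be prompted for.
  def pending_for(user_id)
    @policies.values.reject do |policy|
      @consents.any? do |c|
        c.user_id == user_id && c.policy_key == policy.key &&
          c.policy_version == policy.version
      end
    end.map(&:key)
  end

  # The check a controller, helper or service object would call.
  def consent_given?(user_id)
    pending_for(user_id).empty?
  end

  # Full acceptance history for one user, oldest first.
  def history(user_id)
    @consents.select { |c| c.user_id == user_id }
  end
end
```

Storing the accepted version and timestamp per row, rather than a single boolean on the user, is what makes it possible to show later which text a user actually agreed to.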

Cookie notification for page analytics and other third-party services

When a Cookie Policy is available, a small modal is shown at the bottom of the page, notifying your visitors that you use cookies. They can click to see your Cookie Policy and accept it. The design of the modal can also easily be modified.

Anonymise IP addresses for Google Analytics

Sjabloon gives you a one-click option to install multiple page analytics tools like Google Analytics, Clicky and Simple Analytics. Clicky and Simple Analytics do not collect IP addresses but anonymise them by default, whereas Google Analytics does collect IP addresses. Sjabloon sets the anonymize_ip option to true by default.

Other things to think about

No two apps are alike, and as such it’s impossible to provide full coverage for GDPR out-of-the-box with Sjabloon. Things you might need to look into, depending on your app: