GDPR - anything pre-done by anvil or should I handle everything?

jacob.levine91 · August 19, 2023, 3:25pm

As I’m getting closer to making my application public, the topic of GDPR finally came up.

Most of it is common sense, but one thing I was wondering about are cookies and the cookies banner.

Prior to the user accepting cookies I’d need some sort of script blocking on the client side, or maybe block access altogether? Not too sure.

I guess the main building blocks are the script blocking, the cookie prompt, and tracking whether this is a user’s first visit to determine whether the prompt needs to be displayed.

Question is - does Anvil have any of these already? Or does every application developer need to re-implement this?

Thanks!
Jake

p.colbert · August 21, 2023, 3:43pm

Welcome to the Forum!

In most cases (including this one), Forum Search is your friend! Highly recommend that you start there.

jacob.levine91 · August 22, 2023, 8:02pm

Hi, thanks for your response!

Indeed, I started by searching the forums. However, the question I asked isn’t answered by the ~5 GDPR related posts. Do you have a specific post you’re referring to?

p.colbert · August 22, 2023, 8:35pm

No specific post. I don’t recall the individual details of the GDPR posts, but I could take aim at your initial question:

(emphasis mine). Since that was a pretty big question, no single post was likely to answer it in its entirety. It seemed best for you to see for yourself, and get a more complete picture in your own terms.

And practice with Forum Search (and Docs Search) is a good habit to encourage.

The more-specific questions I’ll have to leave to other Forum volunteers.

david.wylie · August 23, 2023, 9:19am

A good proportion of applications on Anvil are internal or B2B, rather than websites and publicly available landing pages (beyond a login page). Therefore I think most GDPR implementations are specific to the circumstances which is why you might not find too many posts on the subject. So for this part of your question :

I am not aware of any built in Anvil mechanisms to deal with this for your applications. What Anvil do for theirs is, I think, indicated in this post :

jacob.levine91 · August 23, 2023, 9:32pm

Thanks David, that’s what I suspected. I’ll go ahead and tailor the solution to my application. Cheers.

nickantonaccio · August 24, 2023, 12:54am

Here’s one possible quick outline:

Use a session or cookie value to store whether users have accepted your GDPR terms:
Anvil Docs | Sessions and Cookies

If the user has not yet accepted your cookie terms, display a custom Alert to allow the user to accept/select a response to your GDPR terms: Anvil Docs | Alerts and Notifications

Save the user response in the session/cookie dictionary and conditionally show forms and/or widgets based upon the saved user response.

jacob.levine91 · August 24, 2023, 10:38pm

Hey Nick. That’s exactly what I ended up doing - I stored the user’s cookies preferences in a cookie, and if no value exists I display the prompt with the GDPR fun stuff and link to privacy policy. Cheers.