A data policy is a collection of data points that Elastic Path Commerce stores for a specific customer. You can use data policies to maintain compliance with data protection laws. CMS use data policies to manage consents of customers to use their data. With data policies, customer can change the permission settings for data point values at any time. However, you can also define a data policy with no data points. A data policy with no data points enables collection of consent for data points that are not in Elastic Path Commerce. For example, a data policy for collecting banking details might be maintained in an external system, but the consent is managed by a data policy in Elastic Path Commerce.
Defining the legal description of the data policy, implementation of the data policy, and presenting the data policies to customers are done by the CMS. Elastic Path Commerce only manages the data points in a data policy, logical implementation of the data policy, and the customer consents. A data policy comprises of the following information:
- A retention period or criteria to determine how long the data policy is retained.
- The data policy segment associated with the data policy.
- An optional collection of data points.
|policyName||Specifies the name of the data policy.||String|
|retentionPeriodInDays||Specifies how long the data policy is retained. You can set this period starting from the last modified date and from created date.||Integer|
|retentionType||Specifies how the retention period start date is calculated. Retention period can either be calculated from the creation date or from the last updated date. You can also define a custom retention type by extending a new object using the com.elasticpath.domain.datapolicy.RetentionType class. For active data policies with the From Last Modified Date retention type, the retention period is calculated from the last modified date. For a disabled data policy with the From Last Modified Date retention type, the retention period is calculated either from the last modified date or the disabled date whichever is the earliest date. For example, if disabled date is January 3, 2018 and last modified date is January 8, 2018, the retention period is calculated from January 3, 2018. After the retention period of data policies, data is deleted.||RetentionType|
|segments||Specifies the data policy segments for which the data policy is applicable.||Set|
|dataPoints||Specifies the data points associated with the data policy. This setting is optional.||List|
|startDate||Specifies the start date for the data policy. This date implies that the date policy is enabled for the store from the specified date. The default setting is current date and time.||Date|
|endDate||Specifies the date until which the data policy is active. Data collected on the end date of a data policy is still retained for the total retention period specified by the policy. You can change the end date of an active data policy. This setting is optional.||Date|
|state||Specifies the current state of the data policy. Data policies can have DRAFT, ACTIVE, or DISABLED states. The default state is DRAFT.||DataPolicyState|
|description||Provides a description for the data policy to provide additional information, such as the purpose or associated data segments. This setting is optional, and the maximum length of description is 255 characters.||String|
|referenceKey||Specifies a key that can be used by a CMS to retrieve the data policy text.||String|
|activities||Provides additional information about the purpose for which data is being used. For example, if data collected by a data policy is used for personalization of orders, you can specify activities as personalization. You can add more than one activity, to a data policy, separated by a comma. This setting is optional.||String|
|guid||Specifies a GUID to use with import or export capability.||String|