Skip to main content
Version: 2026.1

GDPR Data Extractor

The GDPR Data Extractor supports the right of access by the data subject by searching and exporting personal data across data objects, sent mails, Pimcore users, and custom providers.

GDPR Data ExtractorGDPR Data ExtractorGDPR Data Extractor

Configuration

Define which data object classes and asset types the Data Extractor includes, and whether the result view allows direct deletion:

pimcore_studio_backend:
gdpr_data_extractor:
# Settings for DataObjects DataProvider
dataObjects:
# Configure which classes should be considered, array key is class name
classes:
Person:
allowDelete: true # Allow delete of objects directly in preview grid (default: false)
Customer:
allowDelete: false
# Settings for Assets DataProvider
assets:
types:
# Configure which asset types should be considered
- image
- document
- video

By default, the search covers all data object classes, the export includes all attributes directly on the data object, and deletion from the result list is off.

Extending with Custom Data Sources

Add custom data sources to the GDPR Data Extractor to include application-specific data exports or external systems. Each custom provider requires both a PHP backend and a React/TypeScript frontend.

The Studio Example Bundle provides a complete working example (backend + frontend).

Backend: Implement the Data Provider

Implement Pimcore\Bundle\StudioBackendBundle\Gdpr\Provider\DataProviderInterface:

MethodDescription
findData(FilterParameter $filter): CollectionSearch data based on filter parameters
getName(): stringDisplay name for the provider tab
getKey(): stringUnique identifier
getSortPriority(): intDisplay order (higher = first)
getRequiredPermissions(): arrayPermission strings required to access this provider
getSingleItemForDownload(int $id): array|ResponseExport a single item for download

Your provider class must accept an array $gdprConfig = [] constructor parameter. A compiler pass injects the pimcore_studio_backend.gdpr_data_extractor configuration into every tagged provider. The container fails to build if the parameter is missing.

Register the service with the pimcore.studio_backend.gdpr_data_provider tag:

services:
App\Gdpr\DataProvider\MyCustomDataProvider:
tags:
- { name: pimcore.studio_backend.gdpr_data_provider }

See the backend example and its service registration in the Studio Example Bundle.

Frontend: Register a Dynamic Type Provider

The GDPR Extractor uses the Pimcore Studio dynamic type system to render a tab for each data provider. Every backend provider needs a corresponding frontend class that defines what the tab displays. Implement it as a Pimcore Studio plugin (Module Federation bundle).

The built-in providers use this pattern:

Backend ProviderFrontend Dynamic TypeKey
DataObjectProviderDynamicTypeDataObjectGDPRProviderdata_objects
AssetsProviderDynamicTypeAssetsGDPRProviderassets
PimcoreUserProviderDynamicTypeUsersGDPRProviderpimcore_users
SentMailProviderDynamicTypeEmailsGDPRProvidersent_mails

A custom provider frontend requires three steps, each linking to the corresponding source file in the Studio Example Bundle's GDPR Data Extractor example:

Step 1: Tab Component

Create a React component that renders search results as a grid. The component receives data from the GDPR framework via GDPRProviderTabProps and maps it to table columns using TanStack Table's createColumnHelper. The SDK provides an ExportButton that triggers the backend's getSingleItemForDownload() for each row.

See: components/my-provider-tab.tsx

Step 2: Dynamic Type Class

Create a class extending DynamicTypeAbstractGDPRProvider that connects your tab component to the GDPR framework. The id property must match the getKey() return value of your backend provider.

See: dynamic-types/dynamic-type-my-provider.tsx

Step 3: Plugin and Module Registration

Register the dynamic type in the plugin's onInit via the DI container, then register a module in onStartup that hooks it into the DynamicTypeGDPRProviderRegistry.

See: index.ts (plugin) and modules/my-provider-module.ts

How the Framework Pairs Providers

The framework matches each backend provider to its frontend tab by key: the backend's getKey() return value must equal the frontend dynamic type's id. When a user opens the GDPR Data Extractor, Pimcore Studio fetches the provider list from the backend API and renders a tab for each provider that has a matching frontend registration.

Further Reading