Skip to main content
Version: 2026.1

Extending GDPR Data Providers

The GDPR Data Provider system offers a centralized interface to find and export personal data from any part of a Pimcore application. Add custom data sources (Data Objects, Assets, external systems) by implementing DataProviderInterface and tagging the service with pimcore.studio_backend.gdpr_data_provider.

How It Works

Implement the DataProviderInterface and register the service. The Studio Backend auto-discovers tagged providers and includes them in the GDPR Data Extractor.

Searching

When a user opens the GDPR Data Extractor and clicks "Search":

  1. Provider registration: Implement these methods on your provider:

    • getName(): To get the human-friendly name for the provider tab.
    • getKey(): To get the unique ID.
    • getSortPriority(): To decide where to place your provider in the list.
    • getRequiredPermissions(): One or more permissions required by user to access the data provider information.
    • findData(): Find the data in the particular provider using the searched terms.
  2. When the user clicks "Search":

    • The system first calls your getRequiredPermissions() method to check if the current user is allowed to use your provider.
    • If permission is granted, the system calls your findData() method, passing the user's search terms as a FilterParameter.
    • The Collection you return from findData() is then displayed in the results grid.
note

The columns displayed in the search results grid are defined on the frontend side (in the tab component using TanStack Table's createColumnHelper). The backend only returns data rows via GdprDataRow, where each row contains a key-value map that the frontend maps to columns. See the GDPR Data Extractor documentation for the frontend implementation details.

Exporting (Direct Download)

When the user clicks "Export" on a single item in the results grid:

  1. When the user clicks "Export" on an item:
    • The system again checks your getRequiredPermissions() method.
    • If permission is granted, the system calls your getSingleItemForDownload(int $id) method, passing the ID of the item the user wants to export.
    • The array or Response you return from getSingleItemForDownload() is then automatically converted by the system into a downloadable file for the user.

Configuration

Configure which data object classes and asset types the GDPR Data Extractor includes:

pimcore_studio_backend:
gdpr_data_extractor:
data_objects:
classes:
# Configure which classes should be considered
# Array key is the class name
Person:
allow_delete: true # Allow delete of objects directly in preview grid (default: false)
Customer:
allow_delete: false
assets:
types:
# Configure which asset types should be considered
- image
- document
- video

Configuration Options

OptionTypeDefaultDescription
gdpr_data_extractor.data_objects.classesarray[]Configure which Data Object classes should be considered for GDPR search. The array key is the class name.
gdpr_data_extractor.data_objects.classes.<ClassName>.allow_deletebooleanfalseAllow deletion of objects directly in the preview grid.
gdpr_data_extractor.assets.typesarray[]Configure which asset types should be considered for GDPR search (e.g., image, document, video).

Example Data Provider

The example below shows a minimal provider implementation. The constructor must accept an array $gdprConfig = [] parameter. A compiler pass injects the pimcore_studio_backend.gdpr_data_extractor configuration into every tagged provider.

use Pimcore\Bundle\StudioBackendBundle\Filter\MappedParameter\FilterParameter;
use Pimcore\Bundle\StudioBackendBundle\Gdpr\Provider\DataProviderInterface;
use Pimcore\Bundle\StudioBackendBundle\Gdpr\Schema\GdprDataRow;
use Pimcore\Bundle\StudioBackendBundle\Response\Collection;
use Symfony\Component\HttpFoundation\Response;

final class MyDataProvider implements DataProviderInterface
{
public function __construct(
array $gdprConfig = []
) {
}

public function getKey(): string
{
return 'my_data_provider';
}

public function getName(): string
{
return 'My Data Provider';
}

public function getSortPriority(): int
{
return 10;//set the priority of provider
}

/**
* @return string[]
*/
public function getRequiredPermissions(): array
{
// Return an array of permission strings
return ['permission 1', 'permission 2'];//example : UserPermissions::USERS->value
}

public function findData(FilterParameter $filter): Collection
{
// Search your data source using $filter->getSearchTerm(), etc.

return new Collection(
totalItems: 1,
items: [
new GdprDataRow([
'id' => 123,
'name' => 'John Doe',
'email' => 'john@example.com',
])
]
);
}

public function getSingleItemForDownload(int $id): array|Response
{
// Return the data for a single item to be exported as JSON
return ['id' => $id, 'name' => 'John Doe', 'email' => 'john@example.com'];
}
}

A complete working example (including the frontend tab component) is available in the Studio Example Bundle.