HomeDev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityDoc feedbackLog In

This is an important part when [managing GDPR compliance](🔗).

`IGDPRConventions` and `ITrackSanitizerPatternRepository` are used for adding the filtering.

## Conventions

`IGDPRConventions` has these methods.

Set patterns to remove GDPR data from a search query.public virtual void SetGDPRPatterns(List<GDPRPattern> gdprPatterns)
Get the GDPR patterns to be removed in search querypublic virtual IEnumerable<GDPRPattern> Get<br><br>GDPRPatterns()
Delete the GDPR data in the search query that matches the patterns.public string RemoveGDPRDataInQuery(string queryStringQuery)

## ITrackSanitizerPatternRepository

The `ITrackSanitizerPatternRepository` has these methods.

**Method description****Sample**
**Add patterns to remove PII data from search query**
Add single patternpublic string Add(TrackSanitizerPattern pattern)
Add multiple patternspublic void Add(IEnumerable<TrackSanitizerPattern> patterns)
**Update patterns to remove PII data from search query**
Update single patternpublic string Update(TrackSanitizerPattern pattern)
Update multiple patternspublic bool Update(IEnumerable<TrackSanitizerPattern> patterns)
**Get patterns to remove PII in search query**
Get all patternspublic IEnumerable<TrackSanitizerPattern> GetAll()
Get pattern by Idpublic TrackSanitizerPattern Get(string patternId)
**Delete PII data in the search query that matched the patterns**
Delete pattern by Idpublic void Delete(string patternId)
Delete all patternspublic void DeleteAll()

## Example

The patterns support plain text, wildcard, regex. Here are some example filters.

  • Full name – “John Smith”, “Steven” …

  • Keyword contains email – “\*@gmail.com”, “\*@yahoo.com” …

  • Regex string – “\\w+([-+.]\\w+)\*@\\w+([-.]\\w+)\*\.\\w+([-.]\\w+)\*” …

The `_statisticsClient.GetGDPR()` API only support exact term search, due to limitations of statistics indexes.

## Install and verifiy

In the steps below we describe how to implement and verify the PII filtering.

  • CMS Alloy sample site (for CMS 11 and Commerce 13) [installed from the Visual Studio Extension](🔗). See also [Installing Optimizely .NET5](🔗) for CMS 12 and Commerce 14.

  • Optimizely Search & Navigation [service URL and default index name](🔗), for example _<http://es-api-test01.episerver.com/>\<PRIVATE_KEY>_.

  • Optimizely Search & Navigation [client-side resource base URL](🔗), for example <https://dl.episerver.net/13.2.0>.

  • Optimizely Search & Navigation 13.2.0

### Install packages

  1. In Visual Studio, set the default project to Templates.Alloy.

  2. Install the following NuGet packages (use the “-pre” option to get latest development package).

    • _Find.Cms_

    • _Find.Statistics_

  3. Open the Alloy _web.config_ file and update the following entries: 

    • In the \<episerver.find> tag

      • `serviceUrl`

      • `defaultIndex`

    • In the \<episerver.find.ui> tag 

      • `clientSideResourceBaseUrl`

    • In the <appSettings> tag

      • add item with key `episerver:Find.TrackingSanitizerEnabled` and value true

  4. Access Admin Mode and add a GDPR test page. a. Go to CMS > **Admin** > **Content Type** tab > **Page Types** > **[Specialized] Start Page** > **Settings**.

b. Click **Available Page Types** and check  **[Specialized] Find GDPR API Demo Page** and click **Save**.

  1. Go to the CMS **Edit** > navigation pane > **Pages** tab > **Start** branch of the tree structure.

  2. Create a GDPR Search page and publish it.

  1. Return to CMS > **Admin** view.

  2. Under **Scheduled jobs**, click **Optimizely Find Content Indexing Job** and start that job manually.

### Verify

In these steps we perform a search, delete the GDPR-related data, and add a filtering pattern to prevent it from being indexed.

  1. Open the GDPR Demo page created in previous steps. Clear the GDPR pattern settings to verify that the tracking function is running well.

  1. Go to the search page and execute a search with some keywords.


  1. Go to the GDPR Demo page and review the displayed data.



  1. Delete the existing GDPR data and set patterns to prevent it.


  1. Search again and recheck for the GDPR data. This should now have been filtered out.