GDPR & admin operations
GDPR deletion data
Section titled “GDPR deletion data”In order to fulfill GDPR regulations in terms of data deletion, the Vimond platform offers a flow to delete end-user’s data that have been previously stored during normal platform usage.
Specifically, in an end-user lifetime, Vimond might have stored data about:
- subprofiles used for intra-account data separation
- devices used to play videos
- videos viewing history to mark completed videos and to restore playback
- playlists created
End-user data can be deleted by invoking an HTTP endpoint:
curl -X DELETE \ https://{api_endpoint}/{environment}/user/{userId}/issuer/{issuerName} \ -H 'Authorization: Bearer {jwt_admin_access_token}' \ -H 'X-Vimond-Tenant: {tenant}'Path params
Section titled “Path params”| Param name | Description |
|---|---|
| api_endpoint | API endpoint to call, it changes for each environment |
| environment | Name of the environment |
| userId | User identifier as reported by the IAM provider |
| issuerName | Name of the IAM provider |
| jwt_admin_access_token | JWT admin token to use in the request |
| tenant | Tenant where the user belongs |
Response codes
Section titled “Response codes”| HTTP code | Description |
|---|---|
| 202 | The request is accepted and it is going to be executed |
| 400 | Missing X-Vimond-Tenant header |
| 401 | Missing or invalid JWT auth token |
| 503 | Internal error while starting the deletion flow |
Delete operation feedback
Section titled “Delete operation feedback”The result of a GDPR delete operation can be checked into the audit log module of Vimond VIA like any other admin operation