Data Protection

Content Type: Module
Categories: Utility,Data

Overview

Most Mendix applications handle personal data. Few handle it by design.

 

DataProtection is a Mendix module that brings GDPR compliance into your domain model, where it belongs. Instead of relying on manual scripts, one-off database queries, or developer discipline under deadline pressure, you define data protection rules directly on your entities and attributes. Those rules travel with your model, are visible to your team, and can be applied consistently across every environment.

 

The module is built around a simple but powerful idea: every attribute in your domain model deserves an explicit decision. Keep the value, clear it, or replace it with realistic generated data. That decision becomes part of your model configuration, not a note in a README that someone will forget to follow.

 

In practice, DataProtection is most useful in three scenarios. First, refreshing non-production environments: when production data is copied to test or acceptance, sensitive attributes are transformed automatically according to your rules. Second, generating test data: the module produces locale-aware, realistic data that behaves like production data without being production data. Generation can be deterministic, so the same rules always produce the same output, making automated testing more reliable. Third, controlled data sharing: when sharing datasets with partners or running demos, rules ensure no real personal data leaves your environment.

 

Under the hood, execution is Java-based for performance. Rules can be scoped using XPath constraints, applied in batches, and run in parallel using Mendix task queues. For large datasets this matters: the module is designed to handle bulk operations without memory spikes or timeouts.

 

DataProtection does not replace encryption, access control, or consent management. It is not a legal compliance tool. What it does is give your team a structured, repeatable, and auditable way to handle personal data outside production, turning a process that is usually ad hoc into one that is explicit and verifiable.

 

Requires Mendix 10.24.0 or higher.

Documentation

= DataProtection = Apache 2.0 license

== Description ==

DataProtection is a Mendix module that helps make your domain model GDPR-compliant by design. It allows you to define data protection rules per entity and attribute, and to apply those rules consistently across environments — including safe generation of realistic test data.

The module is especially useful for:

  • GDPR compliance (privacy by design & by default)
  • Test and acceptance environments
  • Data anonymization / pseudonymization strategies
  • Secure data sharing and demos

== Typical usage scenario ==

Use the DataProtection module when you need to:

  • Ensure personal data is handled correctly according to GDPR
  • Remove or obfuscate sensitive data in non-production environments
  • Generate realistic but non-identifiable test data
  • Apply data protection rules in bulk using background processing or task queues

== Features and limitations ==

=== Features ===

  • Configurable data protection rules per entity and attribute:
    • Keep – leave the original value unchanged
    • Clear – remove the value (set to empty)
    • Generate – replace with realistic, locale-aware test data
    • ... (extensible for additional rule types)
  • Rule-based scope:
    • Apply rules only to a subset of objects using XPath constraints
  • Locale-aware test data generation:
    • Generate realistic names, addresses, numbers, etc.
    • Supports deterministic generation using seeds (repeatable results)
  • High-performance batch processing:
    • Apply rules in batches
    • Safe for large datasets
    • Compatible with Mendix task queues and parallel execution
  • Java-based execution:
    • Fast and scalable
    • Designed for controlled use in background processes

=== Limitations ===

  • The module focuses on data transformation, not legal interpretation of GDPR
  • XPath constraints must be valid and compatible with the target entity
  • Generated data is intended for testing and anonymization, not cryptographic anonymization
  • Does not replace encryption, access control, or consent management

== Dependencies ==

  • Mendix 10.24.0 or higher
  • Java actions enabled
  • Optional: Task Queue configuration for parallel execution

== Installation ==

  • Download the DataProtection module from the Mendix Marketplace
  • Import the module into your Mendix app
  • Add the module roles to your project security
  • Include the module in your deployment
  • Configure your data protection rules

== Configuration ==

To install and activate the DataProtection module in your Mendix project, perform the following steps:

  • Add the DataProtection module roles to your project security
  • Add the page ''DataProtection_Configuration'' to your navigation (typically under an admin or management menu)

After completing these steps, the DataProtection configuration interface will be available to authorized users, allowing you to define and manage data protection rules for your domain model.

== Technical implementation notes ==

  • Uses XPath consistently for:
    • Scoping
    • Counting
    • Batch retrieval
  • Uses deterministic sorting to enable safe parallel execution
  • Relies on Java actions for performance-critical operations
  • Designed to be extensible for additional rule types or generators

== Best practices ==

  • Always test rules on a small dataset before running them in bulk
  • Use deterministic seeds for reproducible test data
  • Combine DataProtection with:
    • Environment-specific security
    • Encryption where required
    • Logging and auditing for compliance

 

 

 

Releases