Most will have heard of the GDPR by now, if only from the many privacy policy emails which flooded inboxes in the lead-up to the law taking effect on 25th May 2018.
For those who have managed to escape the details, GDPR stands for General Data Protection Regulation, an EU regulation which is essentially a more aggressive and citizen-friendly version of the 1995 Data Protection Directive, updated for the age of social media. It's all about giving ownership and control of personal data back to the individual, and as a user I think it's great. As a Django developer though, it does throw up some challenges.
This is where Django-GDPR-assist aims to help. It works by looking for a PrivacyMeta object defined on your model, which you can use to describe which fields contain PII, and to control how anonymisation and exports should work on your model's fields.
It has also been designed to work with third-party modules, where it is often impractical to make changes to the model code; PrivacyMeta definitions can be registered against models from elsewhere in your project, and signals can be used to propagate anonymisation and deletion operations.
Once registered a model can be anonymised, where fields with personal data will be either nulled, blanked, or filled with default information, depending on the field's settings.
OneToOneField and ForeignKey relationships can be defined with on_delete=ANONYMISE to allow automatic anonymisation of the object when its target relation is deleted. This makes it straightforward to anonymise all related records when a user's account is deleted.