Anonymising objects

Model changes

Once a model has been registered with gdpr-assist, its instances will have some additional attributes:

obj.anonymised = BooleanField()

This is a boolean value stored in the database to register whether the object has been anonymised or not.

obj.anonymise()

Call this to anonymise the private fields on the object.

How anonymisation works

If a field is nullable, the value will be set to None (or in the case of blankable strings, '').

If a field is not nullable, the value will be set to a sensible default:

  • Numbers will be set to 0
  • Strings will be set to a string representation of the primary key field
  • Booleans will be set to False (although NullBooleanField will always be nullable)
  • DateField and DateTimeField will be set to the current date and time
  • TimeField will be set to 00:00
  • DurationField will be set to timedelta(0)
  • EmailField will be anonymised to {pk}@anon.example.com
  • URLField will be anonymised to {pk}@anon.example.com
  • GenericIPAddressField will be set to 0.0.0.0
  • UUIDField will be set to {00000000-0000-0000-0000-000000000000}

These default actions can be overridden by defining a custom anonymiser as anonymise_<field_name> method on the PrivacyMeta class - see the PrivacyMeta documentation for more details.

Custom field types will also need a custom anonymiser to be defined.

Some fields cannot be anonymised unless they can be null, and trying to anonymise them without a custom anonymiser will raise a gdpr_assist.AnonymiseError exception:

  • File fields (FilePathField, FileField, ImageField)
  • Relationships (OneToOneField, ForeignKey)

To ensure data integrity, trying to anonymise a ManyToManyField will always raise a gdpr_assist.AnonymiseError, unless you are using a custom anonymiser for that field.

The anonymiser cannot anonymise the primary key.