
Data minimization and GDPR Scope reduction

One of the security design principles is scope reduction and data minimization.

Data minimization means that organizations should keep only the minimum customer data needed to provide a service.

From the official GDPR Art. 5: "Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed."

By storing customer personal data in Databunker, you limit what an attacker can obtain from your existing database, which reduces business risk.

Suppose an attacker finds an SQL injection in your web app's database. They might get access to some data, but that data will not be personal, because the personal information is stored outside your existing database (in Databunker).

When you remove personal records (PII) from your databases and store the Databunker token in their place, you are doing data minimization and GDPR scope reduction.
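
The token-for-PII pattern described above, as an added example (not Databunker's or this page's own code): an in-memory SQLite table stands in for the application database, and it checks what a full read of that database would disclose before and after minimization. `StubVault`, `minimize` and `exposed_values` are hypothetical names; the stub replaces the real Databunker service so the example runs offline.

```python
import sqlite3
import uuid

class StubVault:
    """Hypothetical local stand-in for Databunker: opaque token -> PII record."""
    def __init__(self):
        self._records = {}

    def create_user(self, profile):
        token = str(uuid.uuid4())          # random, carries no information about the user
        self._records[token] = dict(profile)
        return token

    def get_user(self, token):
        return self._records[token]

def build_demo_db():
    """Constructed sample: an app table that still mixes PII with business data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first TEXT, last TEXT,"
               " email TEXT, phone TEXT, plan TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'John', 'Doe', 'user@gmail.com', '4444', 'pro')")
    db.commit()
    return db

def minimize(db, vault):
    """Move PII into the vault; the app table keeps only the token and non-personal columns."""
    rows = db.execute("SELECT id, first, last, email, phone, plan FROM users").fetchall()
    db.execute("CREATE TABLE users_min (id INTEGER PRIMARY KEY, plan TEXT, pii_token TEXT)")
    for uid, first, last, email, phone, plan in rows:
        token = vault.create_user({"first": first, "last": last, "email": email, "phone": phone})
        db.execute("INSERT INTO users_min VALUES (?, ?, ?)", (uid, plan, token))
    db.execute("DROP TABLE users")
    db.commit()

def exposed_values(db):
    """Every value readable from the app database, i.e. what a full read of it would disclose."""
    tables = [r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    values = set()
    for table in tables:
        for row in db.execute(f'SELECT * FROM "{table}"'):
            values.update(str(v) for v in row)
    return values

if __name__ == "__main__":
    db, vault = build_demo_db(), StubVault()
    print("before:", sorted(exposed_values(db)))
    minimize(db, vault)
    print("after: ", sorted(exposed_values(db)))
```

After `minimize`, the application database holds only the row id, the plan and the token; resolving the token back to a person requires access to the vault.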


Product Live demo

The service live demo is available at https://demo.databunker.org/

Demo user credentials:

  • User phone: 4444
  • User code: 4444
  • Admin token: DEMO

Getting Started

The easiest way to get started with Databunker is to run it as a Docker container:

docker run -p 3000:3000 -d --rm --name dbunker paranoidguy/databunker demo

This command starts a local container with a DEMO root access key. You can use it for development or testing. For a production installation, follow this installation guide.

Connecting to Databunker

You can interact with Databunker using:

Create user record

curl -s http://localhost:3000/v1/user -X POST -H "X-Bunker-Token: DEMO" \
  -H "Content-Type: application/json" \
  -d '{"first":"John","last":"Doe","login":"john","phone":"4444","email":"user@gmail.com"}'

Fetch user by email

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/email/user@gmail.com

Fetch user by login

curl -s -H "X-Bunker-Token: DEMO" -X GET http://localhost:3000/v1/user/login/john

Other commands:

For a full list of commands, follow the API document.

Support / Contact

Slack Channel