SecuPi, a technological answer for the right to be forgotten
Under Article 17 of the GDPR, customers have the right to have personal data erased. This is also known as the right to be forgotten. SecuPi provides a platform to address the implementation of Article 17 across hundreds of heterogeneous databases, data warehouses and big-data environments.
SecuPi includes the following capabilities:
- Discovery and classification of the location of personal data, including data-flows from the data sources to various data consumers.
- Logical deletion, which hides customers' personal data without changing data at rest. It is usually applied during the 7 – 10 year retention period, when the data in the various databases cannot be deleted because of tax and legal requirements.
- Physical anonymization of identifiable personal customer elements, while preserving referential integrity.
- Physical deletion of entire customer data records (usually by applying existing application deletion API calls).
SecuPi Logical Deletion
The SecuPi application overlay lets you define policies that hide the personal data of customers who have asked to be deleted, without actually deleting their records in the database. This is referred to as “Logical Deletion” and is applied across all relevant data flows and processes. For example, once logical deletion is applied to a customer, their details cannot be retrieved from the CRM application screens, the reporting tools or the Campaign Management systems.
SecuPi Physical Deletion & Anonymization
After the retention period, the customer's personal information must be physically deleted from the databases. SecuPi also supports physically anonymizing or deleting customer personal data across all heterogeneous databases.
The SecuPi Workflow Server is configured to execute the anonymization scripts on the various databases once the retention period allows.
These scripts update the customer personal data and anonymize their identifiers, such as changing names into ‘xxxxx’, addresses into ‘yyyyy’, social security numbers into ‘000000000’, etc.
Note that physical anonymization is applied only to personal data items (e.g., name, address, email, phone). Referential elements such as primary keys are left unchanged, to avoid corrupting the databases or the application's integrity.
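An illustration of the anonymization step described above, as an added example that is not SecuPi's code: the schema, the column names, the `erasure_requested` and `relationship_ended` fields and the 7-year cutoff are assumptions, and the sample rows are constructed. It masks only the PII columns once retention has elapsed, then checks that foreign keys still resolve.

```python
import sqlite3
from datetime import date

RETENTION_YEARS = 7  # assumption: lower bound of the 7-10 year period
# Mask values come from the page; the column names are assumptions.
MASKS = {"name": "xxxxx", "address": "yyyyy", "ssn": "000000000"}

def build_sample_db():
    """Constructed sample data: two customers, each with one order."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE customers (
            id INTEGER PRIMARY KEY, name TEXT, address TEXT, ssn TEXT,
            erasure_requested INTEGER DEFAULT 0, relationship_ended TEXT);
        CREATE TABLE orders (
            id INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),
            amount REAL);
        INSERT INTO customers VALUES
            (1, 'Alice Example', '1 Sample St', '123456789', 1, '2010-05-01'),
            (2, 'Bob Example', '2 Sample Ave', '987654321', 1, '2023-01-15');
        INSERT INTO orders VALUES (10, 1, 99.5), (11, 2, 12.0);
    """)
    return db

def anonymize_expired(db, today):
    """Mask PII for erasure requests whose retention period has elapsed.
    Primary and foreign keys are never part of the UPDATE."""
    try:
        cutoff = today.replace(year=today.year - RETENTION_YEARS)
    except ValueError:  # 29 Feb mapped onto a non-leap year
        cutoff = today.replace(year=today.year - RETENTION_YEARS, day=28)
    assignments = ", ".join(f"{col} = ?" for col in MASKS)
    cur = db.execute(
        f"UPDATE customers SET {assignments} "
        "WHERE erasure_requested = 1 AND relationship_ended <= ?",
        (*MASKS.values(), cutoff.isoformat()))
    db.commit()
    return cur.rowcount

def integrity_violations(db):
    """Rows violating a foreign key; an empty list means integrity held."""
    return db.execute("PRAGMA foreign_key_check").fetchall()

if __name__ == "__main__":
    db = build_sample_db()
    print(anonymize_expired(db, date(2024, 6, 1)), integrity_violations(db))
```

A constant mask such as ‘000000000’ collides with any UNIQUE constraint on the masked column, so a real schema may need per-row placeholder values instead.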
The same SecuPi Workflow Server used for physical deletion can be configured to execute the customer deletion script APIs offered by various application software vendors (e.g., Salesforce.com).
These documented APIs are invoked and managed by the SecuPi Workflow Server.
Advanced features of SecuPi technology will help you prepare properly for the right to be forgotten. Let us know if you have any questions about the solution.