Deep Dive Articles

Governed Data Query - A Deep Dive

Overview - GDQ

Governed Data Query (GDQ) is a tool that helps organizations retrieve customer information, specifically Personally Identifiable Information (PII), from their databases in compliance with GDPR and other regulations. For instance, when a customer subscribes to a service from a vendor, such as a cell phone provider, all their personal information is stored in the provider's databases. The provider's IT team must develop processes to retrieve this data from various sources if the customer requests to view or delete all their information. OvalEdge simplifies this by cataloging the data, allowing the IT team to classify and audit privacy information using the Data Classification module. Privacy data can be grouped under business terms created for each domain, and appropriate data objects can be associated with these terms. Sensitive data can be masked or restricted when creating terms. When users request the discovery and deletion of their information, the provider can use the GDQ module in OvalEdge. The IT team can build search patterns around business terms and discover associated data objects, efficiently gathering the customer's information across the organization.

Examples of Personal Data found in Data Sources:

  • First name, last name/surname, maiden name
  • Email address
  • Home address (street, zip, postal code, city)
  • Phone number
  • Photo
  • Date of birth
  • Bank account number
  • Credit card number
  • National Identification Number, (Social) Insurance Number, Social Security Number
  • Taxpayer Identification Number, Tax File Number, Permanent Account Number
  • Passport number, national ID number, driver's license number
  • Vehicle registration plate number
  • Employee number
  • IP address
  • Location data
  • Handwriting
  • Login
  • Password
  • Social media profile IDs/links
  • Mobile device IDs
  • Employment history, job title
  • Education history
  • Payroll data
  • R & D data
  • Personal Medical Data

Roles and Permissions

A user role that has access to a specific domain with Read-Write permissions can only create a Governed Data Query (GDQ) in that domain. Additionally, users with the OE_ADMIN role can create a GDQ. 

Note: User roles who have domain access with Read-Only permissions cannot add a GDQ in that domain.

DOMAIN Access

Meta Permission Type

Permission Abbreviation

Access Privileges

Yes

READ-ONLY

RO

  • Cannot create a GDQ

Yes

READ WRITE

RW

  • Can create a GDQ

No

READ-ONLY/READ WRITE

RO/RW

  • Cannot create a GDQ

Working with GDQ

Stewards and data users need a method to govern the privacy compliance data in OvalEdge. OvalEdge adapts a standard method by using a Governed Data Query search result to search sensitive Customer data. 

0.10

In OvalEdge, each data query is governed across a domain, and privacy terms are created for each domain (such as First Name, Last Name, Mobile Number, and Personal ID). The terms are then associated with the data objects before creating the data query.

Process Flow

0.2

Example: Assume that the IT team now wants to search customer data by entering the customer’s First name, Last name, Mobile number, and Personal ID. 

Example: Name Smith, Last Name Dsouza, Mobile number 8433776941, Personal ID AZ80918

The IT team will go to the GDQ module and create a Governed Data Query. Then, they will add the privacy terms and configure the term search conditions. (Here, users can search the data with a combination of different privacy terms and values).

They will then add the configured search term values, execute the GDQ, and view the results to see all the associated data objects for the customer.

Governed Data Query Summary Page

The Governed Data Query (GDQ) summary page displays the list of predefined Data Query names that are created under each domain. It contains information such as GDQ name, Steward (approver who can approve the GDQ), Creation Date, and Created By. 

Users can do the following within the Governed Data Query module:

  • Create a new GDQ
  • View the list of GDQs
  • Configure each GDQ with combinations of privacy terms
  • Update the GDQ configuration with more privacy terms
  • Add entries based on the configured terms to search the customer information
  • Edit the GDQ entries
  • Run or execute all or specific GDQ search entries
  • View associated data objects for the search result
  • Delete a Governed Data Query

Creating a Governed Data Query

To create a Governed data Query in the Governed Data Query summary page,

  1. Go to Governance Catalog > Governed Data Query.
  2. Users can create a new GDQ Query.
    An “Add Governed Data Query” page opens to create a Governed Data Query.

    1
  3. In the Add GDQ page, enter the following:
    1. GDQ name-A unique name for the Governed Data Query.
    2. Domain- Select the Domain name from the list that has the privacy terms.
    3. Steward-Approver for the Governed Data Query.

  4.  Click 2to create and display the data query on the summary page.
    3-May-31-2024-09-17-16-0833-AM

Configuring Privacy Terms to Perform a Search

Once the Data Query is created, the privacy terms must be configured. To add the privacy terms and set the term conditions,

  1. Go to Governance Catalog > Governed Data Query
  2. Choose and select a Data Query by clicking the radio button of the corresponding query.
  3. Select 9 Dots > Configure Terms to add the privacy terms with search conditions to build the Data Query. OvalEdge provides an option to configure various privacy terms and set multiple search conditions.
  4. Add the privacy terms and set conditions.
    If required, click see more terms to add another row of terms and conditions.
  5. Click Save Terms to store the search criteria for the GDQ.
    5

Search Criteria for Privacy terms

Complex queries can be built using a combination of privacy terms and operators that can later be set to required values. This page provides information about the operators available for building these queries, and specific conditions for searching terms. 

AND operator: When you enter terms separated by the word "AND," a record will only be found if all the terms you specified are contained somewhere in the associated data objects. For example, if you enter “Gabriel” as your search entry for the term “First name” and “Dizzosa” as your search entry for the term “Last name,” the result will only display if a record matches both of the search conditions.

OR operator: When you enter terms separated by the word "OR," a record will be found if any of the terms you specified is contained somewhere in the associated data objects. For example, if you enter “Gabriel” as your search entry for the term “First name,” and “Dizzosa” as your search entry for the term “Last name,” the result will display records that match either the first name or the last name or both the entries.

In OvalEdge, configured terms with “AND” conditions execute on all the associated data objects separately, just as configured terms with “OR” conditions execute on all the associated data objects separately.

Note:

  • Users can also choose how the entries should match. 
  • Select EQUAL for an exact match or LIKE for all or partial matches.

Editing the terms

Once you configure the Privacy terms and the search conditions, users can add more privacy terms by editing.

To edit and add more terms to a Governed Data Query:

    1. Go to Governance Catalog > Governed Data Query.
    2. Select a Data Query by clicking the checkbox to the corresponding query.
    3. Select Configure Terms to edit the privacy terms and search conditions of the data Query.
    4. Add new terms and conditions or edit existing terms and conditions.
    5. Click Update Terms to update and save the changes.
      6

Deleting the Governed Data Query

To delete a GDQ:

  1. Go to Governance Catalog > Governed Data Query.
  2. Select the Data Query that needs to be deleted, by clicking the checkbox to the corresponding query.
  3. Click on Delete GDQ to delete the GDQ.
    A pop-up window opens to ask the user for confirmation to delete the GDQ.
  4. Click Confirm to Delete the GDQ.

7

Search Entries

Once the Privacy terms and conditions are configured, users can add/edit/delete the entries to search for customer information.

To add the entries:

  1. Go to Governance Catalog > Governed Data Query.
  2. Click on the GDQ name.
  3. Click to add the entries for the configured terms.
    A pop-up window to add new entries is displayed.
  4. Add the entries and click Save Entries to save.

9

Editing the Entries

  1. Go to Governance Catalog > Governed Data Query.
  2. Select and click a GDQ name.
  3. Select the checkbox near the entry to make the changes.
  4. Click on 9 Dots > Edit Entry to change the entries for the configured terms.
    A pop-up window to Edit entries is displayed.
  5. Make the changes and click Update Entries to save.

10

Deleting the Entry

  1. Go to Governance Catalog > Governed Data Query.
  2. Select and click a GDQ name.
  3. Select the checkbox near the entry to delete.
  4. Click the icon to delete the entry.
    A pop-up window asks for the user's confirmation to delete the entry.
  5. Click Confirm to delete the entry.

12

Executing the Governed Data Query

Multiple search entries can be made for a single search criterion. Entries in a single GDQ can be executed in bulk or individually.

Executing each Entry

  1. Go to Governance Catalog > Governed Data Query.
  2. Click a GDQ name.
  3. Select an entry to execute.
  4. Click  .
    A job is submitted to execute the entry search in the data objects mapped under that domain.

Executing all the Entries at once

  1. Go to Governance Catalog > Governed Data Query.
  2. Click a GDQ name.
  3. Click the to execute all the entries at once.
    A job is submitted to execute the entry search in the data objects mapped under that domain.

Viewing results of the Governed Data Query

Once the entries are executed, the matched results can be viewed using the View results tab.

To view the results of an entry:

  1. Go to Governance Catalog > Governed Data Query.
  2. Click a GDQ name.
  3. Select an entry.
  4. Click the to see the data objects as a result of the search.
    A new page opens, displaying the list of all the associated data objects that has the information entered in the GDQ.

17

18