Summary
As per the global definition, General Data Protection Regulation (GDPR) is a new set of rules defined to give European customers more control over their personal and sensitive information and how it is being used within Organizations. GDPR applies wherever personal data is processed.
Examples of Personal Data found in Data Sources
- First name, last name/ surname, maiden name
- Email address
- Home address (street, zip, postal code, city)
- Phone number
- Photo
- Date of birth
- Bank account number
- Credit card number
- National Identification Number, (Social) Insurance Number, Social Security Number
- Taxpayer Identification Number, Tax File Number, Permanent Account Number
- Passport number, national ID number, driver's license number
- Vehicle registration plate number
- Employee number
- IP address
- Location data
- Handwriting
- Login
- Password
- Social media profile IDs/links
- Mobile device IDs
- Employment history, job title
- Education history
- Payroll data
- R & D data
- Personal Medical Data
Purpose of Governed Data Query
Governed Data Query (GDQ) is a tool that assists in retrieving any customer information or specifically any Personal Identifiable Information (PII) from the entire organization’s database complying with GDPR and other regulations laid out by different government authorities. OvalEdge assists to comply with any such regulations.
For instance, when a customer (for example you), has subscribed to a service from a vendor (let's say a Cell Phone provider) all your personal information is stored in the Phone provider databases. You can ask for the following things from the Cell Phone provider:
- Show all the information the company has about you.
- Delete all the information the company has about you. (Provided you left the business with this vendor like you switched your cell phone provider)
The above scenarios are complex as the company IT team must develop processes and tools to retrieve all the Customer data from all their data sources.
OvalEdge provides a solution to this. Once the data is cataloged in OvalEdge, the IT team or the responsible person can classify and audit the privacy information (using the Data Classification module).
The privacy information is governed using business terms created under each domain. That means the IT team can classify and group the privacy data under each domain. Once the privacy terms are created, the IT team can associate appropriate data objects with these terms to identify the Customer information. Since the privacy information contains sensitive data, it can be masked or restricted when creating the terms.
See How to add a PII to learn about Masking and restricting the column data.
Now when a user requests the cell phone provider to discover and delete all his information, the provider can simply use the Governed Data Query module in OvalEdge. The IT team can build search patterns around the business terms and by discovering the associated data objects, the IT Team can gather the Customer information present in the entire organization.
For more details on the entire process, See GDQ Process Flow .
Roles and Permissions
A user role who has access to a specific DOMAIN with RO/RW permissions can ONLY create a Governed Data Query(GDQ) in that DOMAIN. Additionally, users with an OE_ADMIN role can create a GDQ.
In GDQ summary page users can configure privacy terms, edit terms, add/ edit/ delete entries.
Note: User roles who don’t have any DOMAIN access cannot add a GDQ.
DOMAIN Access |
Meta Permission Type |
Permission Abbreviation |
Access Privileges |
Yes |
READ ONLY |
RO |
|
Yes |
READ WRITE |
RW |
|
No |
READ ONLY/ READ WRITE |
RO/RW |
|
See this article Manage Users and Roles to know more about user roles and permissions.