GDPR Compliance Use Case: Prove 100% PII Erasure

You’ve got tons of data, but knowing exactly what you have and where to find it throughout all your different systems can be a nightmare – especially when regulation demands you do so quickly and accurately.

The General Data Protection Regulation ‘Right to be Forgotten’ clause stipulates that companies holding personal identifiable information (PII) about European residents must be able to fully
delete it in a timely manner upon request. This could be a name, a credit card number, an address, a birthdate…anything that can be used to identify the user. The company must be able to deliver within 48 hours, and failure to comply will be met with steep fines.

Data & Analytics Teams are the ones that have to do all the dirty work here. They have to go in and identify every single location of specific data items in order to be able to delete them. Even once they find what they’re looking for, they cannot just delete. They must be able to accurately understand the data flow, dependencies and impact analysis so that by deleting certain data items they do not distort existing calculations or reports.

Data & Analytics Team are used to conducting this process manually. What does this mean?

Let’s say the Data & Analytics Team must prove erasure of John Smith’s credit card details from their system. In order to locate this PII throughout the entire data organization, they must manually map the data movement process. This means they must trace the flow of John Smith’s credit card details backwards to understand its origin and life cycle – throughout databases, database objects, ETL processes, ETL calculations, report calculations, etc.

Tracking data items according to their associated metadata is one of the most common ways to do this, but this proves challenging as often times metadata is not uniform. Sometimes we see different metadata names for the same item: for example, ‘credit card number’, ‘cc number’, credit c number’, ‘card number’, ‘credit card no.’…the list goes on and on. In order to ensure they are able to completely delete John Smith’s credit card details from their organization, they must find everywhere his credit card number shows up in all the different systems, but it is often impossible to know where to look.

This process of discovery, reverse engineering and impact analysis can take weeks or even months, and like many manual processes, it is prone to human error and inaccuracies. This is why so many companies today are seeking an automated solution to accurately manage their metadata.

With Octopai’s automated metadata management platform, Data & Analytics Teams are able to conduct the entire process in a fraction of the time. They can find every single field or column where the credit
card number resides, find and understand all the dependencies and relationships that the data element “credit card number” is impacting in order to be able to accurately prove erasure.

Data & Analytics Teams no longer have to waste time manually searching for data to prove their ability to delete PII. They just search Octopai for the fields they require and within seconds they get a complete
view of the data movement process so they can go in and make the adjustments necessary for compliance.

• Cut the project cost by more than 50%
• 80% increased accuracy
• 80% faster time to market
• Elimination of overtime hours or additional staff
• For every $1 spent on metadata management, you save $6 in IT and development costs
• More than double the BI team’s capacity
• Zero business disruptions or production issues