In our previous post on the General Data Protection Regulation (GDPR), we explained that Dell Technologies has identified six high-risk obligations that organizations must meet for GDPR compliance. Boomi has used this framework to assess how its unified platform can aid organizations as they prepare for the GDPR.
Boomi Master Data Hub provides organizations the ability to address three of the six high-risk obligations for GDPR: Record Keeping, the Accountability Principle and Data Retention.
GDPR Obligation: Record Keeping
Boomi’s Master Data Hub helps enable the tracing and maintaining of data lineage across all attributes for the user, providing a framework of the relationships among data stores, locations, channels and types of consent across linked data sources. For every golden record (a superset of attributes that need to be synchronized to all systems integrated through Boomi), Master Data Hub maintains granular data lineage capabilities.
For example, for every update request processed through the Boomi Hub on behalf of an application, Boomi can track that change against the records it keeps within the repository and help the customer ensure the change meets any applicable compliance standards based on a customer’s settings.
If an organization’s data stewards determine the change is compliant, it can be applied to the records within the repository. The Boomi Hub identifies the exact values that are changing and versions the updated record. In this way, there is a comprehensive history of attribute changes for every master record.
GDPR Obligation: Accountability Principle
The Boomi Hub provides customers the ability to set up data governance rules and keep an audit trail of changes that happen in the system. By default, the Boomi Hub adheres to a basic workflow for every change request processed.
The Hub administrator can also set up additional data governance policies. The extension of Master Data Hub capabilities through Boomi Flow also lets customers add workflows, such as data change requests, deletion requests and review requests to help ensure compliance.
For every system that’s trying to contribute a change, the Boomi Hub can be configured to identify at the field level what values are required for approval and, if a change is detected, whether it needs to be reviewed. Through the Hub stewardship console, which is a standard feature, Boomi quarantines any traffic that fails to respect the rules that an organization has put in place.
As a default setting, the stewardship console allows administrators to see into the queue of outstanding requests that need to be approved, review the master records, and drill down to see the history of changes that have been applied to those records. Integration developers can control what master data updates are contributed to the Hub.
Boomi also maintains a series of operational reporting interfaces for any inbound change request that enters into the Boomi Hub. These interfaces can be enabled to track how that request maps through the data lifecycle. Is the data enriched or the record updated, or did the request fail to meet established rules? On the outbound side for traffic that leaves the Hub, it offers an operational interface for tracking what is delivered to a target system.
The Boomi Hub can also be configured to enable end-to-end auditing of data traffic, with a historical reporting console that summarizes a series of metrics to ensure the health of master data over time, including how many records are failing to meet compliance on a daily basis.
GDPR Obligation: Data Retention
The Master Data Hub can also be used to track the deletion of data from all contributing systems and third-party data sources to assist in compliance with the GDPR’s “right to be forgotten” clause. The Hub provides the ability to design customizable fields and validation rules tailored to applications and data sets, which helps prevent the mastering and/or proliferating of extraneous information.
As a delete request is sent through the system, it retires the golden record maintained in the stewardship console and persists a delete command through every spoke on the Boomi Hub where that golden record is synchronized. This will occur in near-real-time for every system and data source integrated with the Boomi Hub.
The GDPR Clock is Ticking
GDPR was approved by the EU Parliament on April 14, 2016, and takes effect on May 25, 2018. That’s when organizations in non-compliance may face heavy fines.
Clearly, GDPR requirements impose serious data management demands on businesses. Without data and application integration, GDPR compliance can prove difficult. It’s really the heart of the matter — and the Achilles heel for many large organizations.
As Dell’s Brett Hansen, general manager of data security, notes, data storage policies must be examined closely.
“Data is collected, it is stored, it is typically manipulated in some fashion, analyzed and then, at some point, ideally, it is sunsetted,” he says.
This was part three of a four-part series that examines the data management implications of GDPR. If you haven’t already, please read part one, “What Is GDPR and Why Does It Matter,” and part two, “GDPR: Ready, Set, Go.”
In part four, we’ll review the Boomi AtomSphere integration platform’s built-in privacy and security features, which give organizations control over their data management priorities beyond GDPR requirements. Stay tuned!