GDPR Right to be forgotten (RTBF) & SuccessFactors Employee Central Data Purge
GDPR Right to be forgotten (RTBF) & SuccessFactors Employee Central Data Purge:
Background: GDPR has several requirements on employee data & SuccessFactors has delivered many functionality related to GDPR in Q1-2018 Release. In this blog, I am going to discuss how the GDPR RTBF functionality can be addressed in SuccessFactors Employee Central. Before moving to the main topic on RTBF let’s do a lookup on some GDPR Requirement & SuccessFactors delivered functionality to fulfill those requirements.
|GDRP Requirement||SF Data Protection & Privacy Function||Functionality|
|Right to be forgotten (RTBF)||
|Through this functionality, we can mass delete/erase the employee data for which retention time is passed. Also, exceptionally we can delete/erase single employee’s data based on ad-hoc requirement (data can be within retention period for this case).|
|Change logging||Change Audit||This is used to check who has created/modified/deleted personal data.|
|Read logging||Read Audit||This is used to check who has accessed sensitive personal data of employee.|
|Right of access by the data subject||Information report||Through this we can generate a report which shows all personal data stored in system|
|Consent||Consent Statements||This is used to get consent from employee that their personal data will be stored in system. Currently not available for Employee Central.|
Sample Business Scenario as per GDPR RTBF: Say for a country as per GDPR RTBF, phone information data can be retained up to 12 months from the employee termination date. After 12 months, all the phone information data needs to be purged as per GDPR (This is sample business scenario, as per actual GDPR the requirement can be different).
Let’s check what important configuration requires for the above-mentioned business requirement.
Basic Approach on Data Purge: For data purge, recommended solution of SuccessFactors is DRTM (Data Retention Time Management). There are two steps for Data Purge configuration.
- Configuration of retention time – Based on data type, country, user status retention time can be configured.
- Schedule the purge job.
Step 1 (Prerequisites of DRTM): RBP, DRM2.0, MDF, Synch of data from HRIS, Synch of Country Picklist. Detail of the prerequisite is explained in the implementation guide book for Data Privacy.
Step 2 (Additional field in SuccessFactors Platform, optional for employee central data): In SuccessFactors Platform three field values are most important for data purge functionality & these three fields are Country, User Status & Termination Date. In case if we are using Employee Central those field values are synced from Employee Central to platform through HRIS synch Job.
How to Activate Termination date in Platform: For Termination Date add the standard element “companyExitDate” in the succession data model. This field value mainly is used to calculate data retention time for inactive users.
Complete the HRIS sync mapping between Employee Central & People Profile. Here the mapping is done with EC portlet Employment Info field “termination date”. Sample mapping below.
Step 3 (Access in Role for Data Purge based on DRTM: Here I am showing the access sections which are mainly important for DRTM & Data Purge.
Step 4 (Activation the DRMT’s from upgrade Centre): It is recommended to upgrade all the DRTMs from upgrade center though in case if you are not using some DRTM. Important DRTM upgrade related to Employee Central are shown below.
Step 5 (Update data for country MDF Object): In the country MDF object there is a new field called as “Data Retention Enabled “. Set the as field value for Data Retention Enabled as “yes” for those countries you want to implement DRTM. It is recommended to activate DRTM for all countries though you are not using DRTM for those countries. In the sample screen shot I have set the Data Retention Enabled for United Kingdom.
Step 6 (Set the retention Time for respective DRTM): Calculation of Retention times for each type of data is derived from a base data that is specific to that type of data. The base date has been described in the implementation guide book for Data Privacy. For example, base date for employee central phone information, personal details, Email, Dependents is the employee Termination date (effective end-date) in Employment Information. In the below screen shot retention time has been set for United Kingdom Phone Information for 12 Months after the termination date of employee.
Everything set & Let’s see how the data purge work. Here I have given example for Phone Information Purge.
How to purge the data
Step 1: Create Data purge request from Admin Centre à Data Retention Management (RBP Dependent). Here data purge request has been created for United Kingdom Personal Information which is effectively purging the Phone information data as per above configuration. If we select one user for data purge, then retention time (configuration of step-6) is not considered during data purge. If we use User Status & Countries, then the retention time (configuration of step-6) is considered during data purge. In the below scenario, we are using Inactive users for UK.
Step2: Approver approves the Data Purge Request from Admin Centre –> Maintenance Monitor (RBP dependent). Here the approver is sfadmin.
Before approval it shows the Preview Report of the data purging. Sample downloaded preview report for purging is below. In the report it show for which employee what data will be purged.
Once the data purging request is approved it starts data purge job based on scheduling time as per request.
Step 3: Once the job is processed we can view the job history. Sample history is below.
That’s all on the data purging for GDPR RTBF.
Let’s check the data which has been purged as per the above steps.
Phone Information data of the employee before data purge:
Employee was terminated on 20th Jan 2017 which is more than 12 months from the date set at Step 6 (Set the retention Time for respective DRTM) of DRTM for Phone Information.
After data purge phone information record is not available in system.