Deleting GDPR data

IBM Sterling® Order Management System provides GDPR_Delete_Data SDF service for deleting GDPR data pertaining to an individual that is stored in the IBM Sterling Order Management System database.

Prerequisite: Make sure that you enable GDPR support in IBM Sterling Order Management System. For more information, see Enabling GDPR support in IBM Sterling Order Management System.

The GDPR_Delete_Data service selectively updates the sensitive personal data fields in the individual’s personal data that is stored in the IBM Sterling Order Management System database. The service internally analyzes if any business data in need exists for the passed input criteria in which case the data deletion is denied.

If no business data in need exists for the individual, the deletion of the requesting individual’s personal data is done by deleting selective fields in the existing data such that IBM Sterling Order Management System still retains the remaining fields that are required for existing statistical analysis. Therefore, the deletion applies only to selective fields, which might identify the individual and the data that is retained with IBM Sterling Order Management System would be anonymous.

The GDPR_Delete_Data service invokes following events:

DELETE_DATA_SUCCESSFUL: This event can be activated to notify the user regarding successful data deletion.
DELETE_DATA_DENIED: This event can be activated to notify the user regarding the issue encountered during data deletion.

The GDPR_Delete_Data service is called asynchronously through the GDPR_Execute_Request service to minimize the performance impact on the existing business processes.

The YCPDeleteGDPRDataUE user exit is called during the GDPR_Delete_Data service execution to delete any additional personal data, which is being persisted in the local or external data source. For more information about the input and output structure of YCPDeleteGDPRDataUE user exit, refer to the Javadoc.

The GDPR_Delete_Data service accepts the following data in the input:

Table 1. GDPR_Delete_Data service input template
Input Data	Description
`@PersonInfoKey`	Primary key attribute of YFS_PERSON_INFO table that stores contact information of a person or a business.
`@CustomerKey`	The primary key for the YFS_CUSTOMER table.
`@CustomerID`	The identifier for the customer. If this attribute is passed, the `OrganizationCode` must also be passed.
`@OrganizationCode`	The organization code of the organization to which the customer belongs. This attribute is required, if `@CustomerID` is passed in the input.

Here is sample input to the GDPR_Delete_Data service for deleting the personal data:

<GDPRData PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>

The GDPR_Delete_Data service returns the following data in the output:

Table 2. GDPR_Delete_Data service output template
Output Data	Description
`@IsDeletionSuccessful`	Indicates whether the request for deletion was successful or not.
`@DeletionDeniedReason`	The business reason for denying the request for deletion.

Here is sample output from the GDPR_Delete_Data service for deleting the personal data:

<GDPRData IsDeletionSuccessful="" DeletionDeniedReason="" PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>