GDPR process workflow
Overview of the GDPR process work flow for retrieval and deletion of customer's personal data on request.
GDPR_Manage_Request Service
When an application user makes a request for either retrieving customer's personal data or for deletion of customer's data, Sterling™ Order Management System Software calls the GDPR_Manage_Request service, which puts the message in the messaging queue. The GDPR_Manage_Request service captures requests for retrieval or deletion of personal data for an authorized individual.
The GDPR_Manage_Request service expects either the PersonInfoKey or customer identifiers, such as CustomerKey or CustomerID, along with the OrganizationCode to be passed in the service input. If both PersonInfoKey and customer identifier are passed in the input, the service considers only the PersonInfoKey.
<GDPRData PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode="" Action="GET"/><GDPRData PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode="" Action="DELETE"/>GDPR_Execute_Request Service
The request added to the messaging queue by the GDPR_Manage_Request service is picked up by the GDPR_Execute_Request service. This SDF service enables asynchronous invocation of GDPR_Get_Detail_Data and GDPR_Delete_Data services. Based on the request type either GDPR_Delete_Data or GDPR_Get_Detail_Data service is called and respective events are invoked.
Apart from the asynchronous service process flow for GDPR mentioned above, there are SDF services such as GDPR_Get_Data, GDPR_Restrict_Data, and GDPR_Undo_Restrict_Data, which can be invoked synchronously.