Restricting processing of GDPR data

IBM Sterling Order Management System provides GDPR_Restrict_Data and GDPR_Undo_Restrict_Data SDF services for stop or start processing of GDPR data pertaining to an individual that is stored in the IBM Sterling Order Management System database.

Prerequisite: Make sure that you enable GDPR support in IBM Sterling Order Management System. For more information, see Enabling GDPR support in IBM Sterling Order Management System.

GDPR_Restrict_Data Service

The GDPR_Restrict_Data service restricts the publishing of personal data fields in the individual’s personal data that is stored in the IBM Sterling Order Management System database. Before you enable restriction on the GDPR data, this service verifies whether any business data in need exists for the customer in which case data restriction is denied.

If no business data in need exists for the individual, the restriction of the requesting individual’s personal data is done by inhibiting selective fields that are being published as part of the IBM Sterling Order Management System API output.

The GDPR_Restrict_Data service accepts the following data in the input:
Table 1. GDPR_Restrict_Data service input template
Input Data Description
@PersonInfoKey Primary key attribute of YFS_PERSON_INFO table that stores contact information of a person or a business.
@CustomerKey The primary key for the YFS_CUSTOMER table.
@CustomerID The identifier for the customer. If this attribute is passed, the OrganizationCode must also be passed.
@OrganizationCode The organization code of the organization to which the customer belongs. This attribute is required, if @CustomerID is passed in the input.
Here is sample input to the GDPR_Restrict_Data service for enabling restriction on the personal data:
<GDPRData PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>
The GDPR_Restrict_Data service returns the following data in the output:
Table 2. GDPR_Restrict_Data service output template
Output Data Description
@IsRestrictionSuccessful Indicates whether the request for enabling restriction was successful or not.
@RestrictionDeniedReason The business reason for denying the request for enabling restriction.
@PersonInfoKey Primary key attribute of YFS_PERSON_INFO table that stores contact information of a person or a business.
@CustomerKey The primary key for the YFS_CUSTOMER table.
@CustomerID The identifier for the customer. If this attribute is passed, the OrganizationCode must also be passed.
@OrganizationCode The organization code of the organization to which the customer belongs. This attribute is required, if @CustomerID is passed in the input.
Here is sample output from the GDPR_Restrict_Data service for enabling restriction on the personal data:
<GDPRData IsRestrictionSuccessful="" RestrictionDeniedReason="" PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>

GDPR_Undo_Restrict_Data Service

The GDPR_Undo_Restrict_Data service can be used to undo the restriction on the publishing of personal data fields in the individual’s personal data that is stored in the IBM Sterling Order Management System database. This service looks for matching records in the YFS_GDPR_RESTRICTION table. The record, if found is removed hence allowing the restriction on the data records to be disabled.

The GDPR_Undo_Restrict_Data service accepts the following data in the input:
Table 3. GDPR_Undo_Restrict_Data service input template
Input Data Description
@PersonInfoKey Primary key attribute of YFS_PERSON_INFO table that stores contact information of a person or a business.
@CustomerKey The primary key for the YFS_CUSTOMER table.
@CustomerID The identifier for the customer. If this attribute is passed, the OrganizationCode must also be passed.
@OrganizationCode The organization code of the organization to which the customer belongs. This attribute is required, if @CustomerID is passed in the input.
Here is sample input to the GDPR_Undo_Restrict_Data service for removing restriction on the personal data:
<GDPRData PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>
The GDPR_Undo_Restrict_Data service returns the following data in the output:
Table 4. GDPR_Undo_Restrict_Data service output template
Output Data Description
@IsUndoRestrictionSuccessful Indicates whether the request for removing restriction was successful or not.
@PersonInfoKey Primary key attribute of YFS_PERSON_INFO table that stores contact information of a person or a business.
@CustomerKey The primary key for the YFS_CUSTOMER table.
@CustomerID The identifier for the customer. If this attribute is passed, the OrganizationCode must also be passed.
@OrganizationCode The organization code of the organization to which the customer belongs. This attribute is required, if @CustomerID is passed in the input.
Here is sample output from the GDPR_Undo_Restrict_Data service for removing restriction on the personal data:
<GDPRData IsUndoRestrictionSuccessful="" PersonInfoKey="" CustomerID="" CustomerKey="" OrganizationCode=""/>