Addressing data privacy requests
Personal data in BMC Helix Integration Service
According to the GDPR, personal data includes any information that can identify an individual directly or indirectly. For example, the following data can be considered personal data: name, phone number, email address, IP address, government ID number, credit card numbers, and so on.
BMC Helix Integration Service stores personal data in databases and related files for an unlimited time period (until the data is deleted, modified, or anonymized).
Using the BMC Helix Integration Service Personal Data Privacy Utility
The data protection officer or the administrator can use the BMC Helix Integration Service Personal Data Privacy (PDP) Utility to respond to the data privacy requests and inquiries from individuals. Use the Personal Data Privacy (PDP) Utility to perform the following GDPR compliance activities:
Before you begin
- Obtain the following information from the requester:
- User name
- Email address
- First name
- Last name
Phone number
- Extract the pdp-util.zip file, and go to the command line in the directory where the extracted file is located.
To find personal data
Run the following script:
node pdp_util.js scan- In the console, follow the prompts to provide the following information:
- BMC Helix Integration Service tenant URL
- Administrator login
- Administrator password
- Requester data (user name, email address, first name, last name, and phone number)
If the utility finds matching personal data, you receive a response in the following format:
Users:
Username = user username, Email = user email, First Name = user firstName, Last Name = user lastName, Phone = user phone
Accounts:
Connector = app name, Username = profile username
Flows:
Title = flow title, Description = flow description
Comments:
User = comment user, Text = comment value
Conditions:
Field = field name, Value = field value
Mappings:
Field = target field name, Value = mapped matching text values
Configurations:
Connector = app name, Name = appConfig name, Description = appConfig description
Use the response text to create a file that you can send to the requester regarding their personal data storage.
To anonymize personal data
Run the following script:
node pdp_util.js removeIn the console, follow the prompts to provide the following information:
- BMC Helix Integration Service tenant URL
- Administrator login
- Administrator password
- Requester data (user name, email address, first name, last name, and phone number)
If anonymization is successful, you receive a blank response:
{
}
After anonymization is completed, the personal data values are replaced by the value <Personal Data Removed> in different parts of the user interface, as shown in the following examples.
<Personal Data Removed> in the Users section
<Personal Data Removed> in the Accounts section
<Personal Data Removed> in the Flows section
<Personal Data Removed> in the Configuration section