GDPR retention policy

This policy is used to manage instance data subjects (user, contact, customer, or supplier) that have no transactions after a certain date. The data subject can have zero transactions, due to inactivity or archiving. Data from these data subjects should be redacted from the customer's system. GDPR performs a search for personal data based on a defined retention policy in 'Data Subject. Connect Retention Policy' (CMS077).

The policy checks for records in the Data Subject table (DTFI) wherein if last transaction date (field set in DTTC) is beyond the retention days, the list of data subject key values (field set in DTFD) is returned.
From the list of data subject key values, the policy checks the Transaction Table (DTTF) if there are existing records for the listed data subject key.

If the record is within the retention period, it is removed from the list. Otherwise, the record is retained.

Setting up (CMS077)

Note: A record for GDPR must also be set up in 'Data Subject. Set Action' (CMS076).

Create a retention policy by specifying this information:


Program/Panel	Field	The field indicates...
(CMS077/B1)	Retention policy	...the name of the retention policy.
(CMS077/E)	Description	...the description of the retention policy.
(CMS077/E)	Data subject	...the type of individual who is the subject of the personal data. It is specified as follows: 1– 'User' 2–'Contact' 3–'Customer' 4–'Supplier'
(CMS077/E)	Company to search	...the company for which the records will be used in search.
(CMS077/E)	Data subject table	...the primary table that contains the data representing a data subject.
(CMS077/E)	Data subject key field	...the key in the table that represents the personal data.
(CMS077/E)	Transaction table	...the table where details about the last transaction with the data subject are saved.
(CMS077/E)	Transaction date field	...the date field in the transaction table that dictates the last transaction with the data subject.
(CMS077/E)	Transaction key field	...the field in the transaction table that identifies the data subject.
(CMS077/E)	Retention days	...how many days the personal data of a data subject are kept in the system if the data subject did not perform any action.
(CMS077/E)	Responsible	...who is responsible for the retention policy. The user receives an application message when an inactive data subject is found with the retention policy. Message type 014 must be activated to enable receipt of an application message.

When running a retention policy, the program runs these functions:

A CMS077Sbm job is submitted and then, CMS210Sbm job is automatically submitted after.
A message is generated in 'Application Message. Open' (CRS420) where the 'Data Subject Run' is located.

You can use the 'Data Subject Run' from (CRS420) message to do necessary actions in other programs such as 'Data Subject Run. Open Lines' (CMS211), 'Data Subject Run. Search Result' (CMS212) and 'Data Subject Run. Review Action' (CMS213).

Data subject logs can be found using program 'Data Subject Log. Open' (CMS221).