What is GDPR and how privacy requests can be addressed on Integration Services

Knowledge Article

What is GDPR and how privacy requests can be addressed on Integration Services
GDPR concepts and tools to address privacy requests on Integration services
BMC Helix ITSM
Integration Service
Integration Service, AR server ITs version 18.05 and higher version.
BMC Helix ITSM
Integration Service
Integration Service, AR server ITs version 18.05 and higher version.
BMC Helix ITSM
Integration Service
Integration Service, AR server ITs version 18.05 and higher version.
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

The  BMC Integration Service solution provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).

Note

This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection_en. Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Integration Service solution can help customers meet some requirements of the GDPR. For more information about how BMC solutions can help achieve the requirements of the GDPR, see https://www.bmc.com/it-solutions/gdpr-compliance.html


Related topics

Official EC website: General Data Protection Regulation 

BMC and GDPR compliance  

Personal data in  BMC Integration Service

According to the GDPR, personal data includes any information that can identify an individual directly or indirectly. For example, the following data can be considered as personal data: name, phone number, email address, IP address, government ID number, credit card numbers, and similar. 

BMC Integration Service  stores personal data in databases and related files for an unlimited time period (until the data is deleted, modified, or anonymized).

Using the  BMC Integration Service  Personal Data Privacy Utility

The  BMC Integration Service  Personal Data Privacy (PDP) Utility can be used by the data protection officer or the administrator to respond to the data privacy requests and inquiries from individuals. Use the Personal Data Privacy (PDP) Utility to perform the following GDPR compliance activities:

Note

To use the BMC Integration Service Personal Data Privacy (PDP) Utility, you must have the administrator role.

Before you begin

  1. Obtain the following information from the requester:
    • User name
    • Email address
    • First name
    • Last name

    • Phone number

      Note

      The utility searches for a match between the data that is provided by the requester and the data that is stored in the BMC Integration Service databases.

      • If an individual's personal data is stored in BMC Integration Service , the matching data is returned in the response.
      • If an individual's personal data is not stored in BMC Integration Service , no data is returned in the response. (The response is blank.)
  2. Extract the pdp-util.zip file, and go to the command line in the directory where the extracted file is located.

To find personal data

  1. Run the following script: 

    node pdp_util.js scan
  2. In the console, follow the prompts to provide the following information: 
    • BMC Integration Service  tenant URL
    • Administrator login
    • Administrator password
    • Requester data (user name, email address, first name, last name, phone number)

If the utility finds matching personal data, you receive a response in the following format: 

Records found with specified personal data:
 
Users:
Username = user username, Email = user email, First Name = user firstName, Last Name = user lastName, Phone = user phone
 
Accounts:
Connector = app name, Username = profile username
 
Flows:
Title = flow title, Description = flow description
 
Comments:
User = comment user, Text = comment value
 
Conditions:
Field = field name, Value = field value
 
Mappings:
Field = target field name, Value = mapped matching text values
 
Configurations:
Connector = app name, Name = appConfig name, Description = appConfig description

Use the response text to create a file that you can send to the requester regarding their personal data storage.

To anonymize personal data

Warning

Do not anonymize active users. The action of anonymization is not reversible.

  1. Run the following script: 

    node pdp_util.js remove
  2. In the console, follow the prompts to provide the following information: 
    • BMC Integration Service  tenant URL
    • Administrator login
    • Administrator password
    • Requester data (user name, email address, first name, last name, phone number)

    If anonymization is successful, you receive a blank response:


     
    }

After anonymization is finished, the personal data values are replaced by the value <Personal Data Removed> in different parts of the user interface, as shown in the following examples.

 

<Personal Data Removed> in the Users section

User-added image

 

<Personal Data Removed> in the Accounts section
User-added image
 

 

 

<Personal Data Removed> in the Flows section

User-added image

 

 

<Personal Data Removed> in the Configuration section
User-added image

 
Attachment(s):
pdp-util.zip