Data Rules, Data Rule Actions

Data Rules make it possible to define a set of data protection actions to be performed on selected objects of a given object type. This way a combination of anonymization, archiving and deletion can be preconfigured for repeated use. Each of the actions with a data rule is represented by a Data Rule Action object which specifies the type of action, how the action will be executed and on which objects.

Data Rule Creation

Data rules are administered in the 'Data Rules' catalog found in the Data Protection Manager sidebar.

1. Open the 'Data Rules' catalog and call context menu action 'Create'. The 'New: Data Rule' editor opens.
2. In the editor, provide a description of the data rule (e.g. the context for its use, the intended purpose or known limitations).
3. The actual function of the data rule is based on the actions it contains. Go to the 'Actions' tab to create and ad individual data rule actions.

   In the 'Actions' tab, call context menu action 'Create'. The 'New: Data Rule Action' editor opens.

4. In the editor, specify the action properties:
   • Action

     Select the action to be performed: Archive, Delete or Anonymize.

     When Archive or Delete is selected, a browser of existing archiving configuration opens. Select one archiving configuration and click 'Ok'. Selection of the archiving configuration determines the target object type for the action and a configuration of related object types on which the action also will be performed. The condition (selecting which objects of the object type will be processed) defined in the archiving configuration is ignored by the data rule action.

     When Anonymize is selected, a browser of existing anonymization configuration opens. Select one anonymization configuration and click 'Ok'. Selection of the anonymization configuration defines how objects will be anonymized. The condition defined in the anonymization configuration is ignored by the data rule action.

     If the archiving or anonymization configuration is used without the DPM, the condition from the configuration object is applied as usual.

   • Apply to

     Select data on which the action will be performed: Active data or Archive.

     Each of the actions within the data rule can be independently performed on either the active or the archive data. For example, it is possible to run 'Archive' on active data and 'Delete' on archive data. Note, however, that the sequence of actions within the data rule is not fixed (there's no order specified) and to prevent data cross-processing (e.g. trying to anonymize already deleted data), individual actions within the data rule should be defined on disjunctive data sets.

   • Execution

     Select how the action will be triggered: Manual or Automated.

     For each of the actions within the data rule the execution mode can be independently specified. See below for details on manual versus automated execution.

   • Condition

     Use the 'Set Condition' button to specify a condition selecting which objects of the object type will be processed. The condition specified here overrides the selection condition defined in the underlying archiving or anonymization configuration.

     Note that specifying the condition is mandatory.

     Click 'Ok' in the 'New: Data Rule Action' editor to save the first data rule action and close the editor.

5. Back in the 'Actions' tab, gradually add data rule actions as necessary.

   Note that selection of the first archiving or anonymization configuration determines the object type to which the entire data rule will apply. As objects of only one object type can be processed by actions within one data rule, all subsequent additions of actions to the data rule will be guided by the object type of the first configuration (e.g. only configurations created for the given object type will be offered for selection).

Data Rule Actions Execution

The data rule must be saved before its data rule actions can be executed. Individual actions are executed independently.

• Manual Execution

  Data rule actions with the Execution attribute set to 'Manual' are meant to be run manually.

  1. Select the action in the 'Actions' tab of the Data Rule editor.
  2. Call the 'Execute' action (context menu action or button at the bottom of the tab).
  3. A confirmation dialog informing about the number of objects that will be processed gets displayed. Click 'OK' to proceed.
• Automated Execution

  Execution of data rule actions with the Execution attribute set to 'Automated' is governed by Valuemation Business Process Engine. See topic 'Scheduling' for more information.

Information about each performed data protection action is logged in the 'Data Log' catalog.