The DSP assists clients with regulatory and corporate compliance by:
- Restricting access to personal data (any data that can be used to identify a person), handled through DSP security and through purging data after a retention date has passed. Purging data is configured in Common and Collect.
- Tracking and logging user access to this data throughout the product, which is configured in System Administration.
Settings must be configured before compliance can begin.
- An Administrator must enable the logging feature in System Administration. By default, the DSP tracks access to all pages; however, an Administrator can control which pages are tracked. Refer to Log Access to Personal Data in System Administration for more information.
- At the client site, an Administrator must also set up auditing for these specific tables in the DataSource named “DataGarage”.
When a Data Controller updates any retention expiration date, an e-signature is required and captured in the audit records.
- At the client site, an Administrator should also set up auditing for any tables that contain regulated data. Refer to Enable Auditing for Tables with Personal Information in System Administration for more information.
- A Collect Administrator must configure data protection for Targets, Sources and Tables.
Additionally a Common Administrator can:
- Add custom data classifications and information types as needed
- Update Retention Expiration Warning Period
- Update the Retention Expiration Email
Any user who has access to the target can:
NOTE: Once the data is purged from a table, the table is deactivated. It cannot be refreshed either manually or automatically.