Anonymize database action

Application management : Configuration : GDPR : GDPR-related components : Anonymizing data : Anonymize database action

Following GDPR legislation, it is not allowed to have privacy related information available on non-production systems.

Anonymize database

For this reason, a generic Anonymize database action is available in System Settings > Security to scramble/purge the information for the above business objects.

The Anonymize database action is designed to anonymize data in non-production environments in one go. It is specifically designed to be used in either of the following situations:

• Shipping the database elsewhere to prevent sending potential sensitive and personal information to a third party, for example to Planon Support.

• Moving a production database to a non-production environment, where there is no need in having potential sensitive and personal information available. After anonymizing the database, default test data could be onboarded for use in test cases.

• By clicking the generic Anonymize database, all instances of the business objects mentioned earlier, except for Accounts will be anonymized.
• This functionality is available only for non-production environments.
• To start generic anonymization, the general setting Stop end user access must be enabled.

Database procedure

Instead of using the Anonymize database on a non-production environment, you can also anonymize the whole database by creating a backup of the production database and executing the following database procedure:

PLN_ANONYMIZE_ALL

What does the action do?

When using the Anonymize database action, the following actions will be carried out:

• All history is deleted.

• Fields that are part of database constraints ('check' or 'unique' constraints) are skipped and are not anonymized, the value remains as is. Examples of these are:

◦ Visitor status: has a check constraint to make sure it contains a valid status.

◦ The uniqueness constraint of fields, such as Code, within a property set for certain business objects.

• Date/Time fields get the value 1970-01-01 00:00:00.

• Number and Decimal fields are cleared when they are part of a foreign key and not mandatory.

• Number and Decimal fields are skipped when they are part of a foreign key and mandatory.

• Number and Decimal fields get the value 0 when they are not part of a foreign key.

• Text fields are cleared when they are not mandatory.

• Text fields get the value * when they are mandatory.

Accounts in database procedure

The database procedure allows the following accounts to remain usable so the database remains accesible:

• SUPERVISOR

• CLOUDADMIN

• AWMDATAENGINEADMIN

• EVENTCONNECTORADMIN

• EXCHANGEADMIN

• SCHEDULERENGINEADMIN

In addition, the accounts linked to the user group specified in the System settings > General > Planon administrator group field will also retain access.