The screenshot below shows a list of tables from a typical JD Edwards system which has been extracted into Safyr®, in this case over 4,000 tables, which is around the number in most such systems.
We can do a search across all these tables to find any that contain a field with the ‘business name’ of the field containing the string ‘birth’.
This reduces the list of over 4,000 tables to just 27. So there are 27 tables that have a field with the description of the field containing the string ‘birth’.
On the right of the list is a Row Count which gives the number of records in each table. Quite a few have zero – and this is not unusual in a JD Edwards system.
The query on ‘ birth’ can be refined to filter out any of the tables with no data and this gives just 12 tables (this may be very different in another JD Edwards system, depending on what features and modules of JD Edwards the customer uses).
Having found a set of tables that contain likely Personal Data attributes, the results can be recorded using what Safyr calls a Subject Area. This is like a folder where we can group tables, and can be refined further by identifying individual fields.
It’s easy to select the tables and add them to a Subject Area – and there is an option to ‘mark’ those fields that meet the selection criteria used (in this case ‘data of birth’ fields).
So the result is a group of tables that contain a field with the string ‘date of birth’ in the ‘business’, name and containing data.
The ‘Marked Fields’ column shows how many fields on each table meet the search criteria. In the example above, table F0111 has 3 such fields. The table details can be displayed to show the individual fields.
We could do this same process for other Personal Data fields until we had assembled a set of GDPR Subject Areas that represent all the Personal Data categories that need to be assessed.
Safyr then has features for merging these Subject Areas to create a consolidated list of Personal Data items. This brings together the Personal Data fields for each of the categories (Birth, Address, Credit Card Number….) into one integrated set.
Here is the same table – ‘Address Book Who’s Who’ shown above – with the merged fields from these categories.
Having identified and marked the Personal Data fields using the method described above, a next step might be to make the attributes for these fields easily available to a wider audience.
Safyr has a number of formats that can be exported, one of the most popular for GDPR being Excel. It’s easy to select exactly what properties to include in the spreadsheet.
Conclusion
Identifying candidate Personal Data attributes is but one step of any GDPR strategy. In the case of large application packages like JD Edwards it can be a very challenging first step. When maintaining compliance, we believe that metadata discovery software will be of value in keeping data catalogues, inventories and glossaries up-to-date with the locations of Personal Data across major packaged applications.