US-20260127321-A1 - AUTOMATED VERIFICATION OF DATA PRIVACY INTEGRATION PROTOCOLS

Abstract

The present disclosure involves systems, software, and computer implemented methods for data privacy. One example method includes receiving a request to perform an integrated personal data retrieval protocol to verify results of a data privacy integration protocol. Response data is identified for the data privacy integration protocol. An integrated personal data retrieval work package is sent to applications that requests generation of a personal data export. Integrated personal data retrieval responses are received. The integrated personal data retrieval responses and the response data for the results of the data privacy integration protocol are automatically evaluated to generate data privacy integration protocol evaluation results. The data privacy integration protocol evaluation results are automatically provided to the requester.

Inventors

  • Matthias Vogel
  • Benny Rolle

Assignees

  • SAP SE

Dates

Publication Date
20260507
Application Date
20241105

Claims (20)

  1. A computer-implemented method, comprising: receiving, from a requester and by a data privacy integration service that integrates data privacy protocols across multiple applications in a landscape, a request to perform an integrated personal data retrieval protocol to verify results of a first data privacy integration protocol; identifying, by the data privacy integration service, response data for the results of the first data privacy integration protocol, including identifying responding applications that provided responses to the first data privacy integration protocol; sending, by the data privacy integration service, to each application of the responding applications, an integrated personal data retrieval work package that requests the application to generate a personal data export in response to the integrated personal data retrieval work package; receiving, by the data privacy integration service, from responding applications, in response to the integrated personal data retrieval work package, integrated personal data retrieval responses; automatically evaluating, by the data privacy integration service, the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to generate data privacy integration protocol evaluation results; and automatically providing, by the data privacy integration service and to the requester, the data privacy integration protocol evaluation results.
  2. The computer-implemented method of claim 1, wherein the first data privacy integration protocol is an integrated end of purpose protocol in which a respective responding application provides a vote for an object indicating whether the respective responding application can block the object.
  3. The computer-implemented method of claim 1, wherein the first data privacy integration protocol is an aligned purpose disassociation protocol in which a respective responding application provides a vote for an object indicating whether the respective responding application can disassociate a purpose from the object.
  4. The computer-implemented method of claim 1, wherein the integrated personal data retrieval work package includes an indicator that indicates that the integrated personal data retrieval protocol is for investigative or verification purposes.
  5. The computer-implemented method of claim 1, wherein the integrated personal data retrieval work package includes an indicator that indicates that a responding application can include, in an integrated personal data retrieval response, metadata describing personal data rather than full copies of personal data.
  6. The computer-implemented method of claim 1, wherein a responding application includes, in an integrated personal data retrieval response, information indicating whether exported personal data is blocked.
  7. The computer-implemented method of claim 1, wherein a responding application includes, in an integrated personal data retrieval response, retention period information comprising retention period length or retention period assignment rules configured in the responding application.
  8. The computer-implemented method of claim 1, further comprising: sending, by the data privacy integration service, the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to an external evaluation engine external to the data privacy integration service; receiving, by the data privacy integration service and from the external evaluation engine, external evaluation results determined by the external evaluation engine based on evaluation of the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol; and providing the external evaluation results to the requester.
  9. The computer-implemented method of claim 1, further comprising sending, by the data privacy integration service, the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to the requester.
  10. The computer-implemented method of claim 9, wherein the requester determines requester evaluation results by evaluating the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol.
  11. The computer-implemented method of claim 10, wherein the requester presents the requester evaluation results in an administrative application.
  12. The computer-implemented method of claim 11, wherein the requester presents the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol in the administrative application.
  13. The computer-implemented method of claim 11, wherein the requester presents the data privacy integration protocol evaluation results determined by the data privacy integration service in the administrative application.
  14. The computer-implemented method of claim 1, wherein the data privacy integration protocol evaluation results include data describing why certain objects were blocked or not blocked as a result of the first data privacy integration protocol.
  15. The computer-implemented method of claim 1, wherein the data privacy integration protocol evaluation results include data describing a first inconsistency in that at least one object expected to be blocked after the first data privacy integration protocol is not blocked.
  16. The computer-implemented method of claim 15, wherein the data privacy integration protocol evaluation results include data describing a second inconsistency in that at least one object expected to not be blocked after the first data privacy integration protocol is blocked.
  17. The computer-implemented method of claim 16, further comprising determining, by the data privacy integration service, an application misconfiguration in a first responding application based on the first inconsistency or the second inconsistency.
  18. The computer-implemented method of claim 1, wherein automatically evaluating the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol comprises evaluating using an artificial intelligence engine.
  19. The computer-implemented method of claim 1, wherein: the request to perform the integrated personal data retrieval protocol comprises a first set of objects that includes multiple objects for which the first data privacy integration protocol was performed; the response data for the results of the first data privacy integration protocol comprises results for the multiple objects; and the integrated personal data retrieval work package comprises the multiple objects; wherein automatically evaluating the integrated personal data retrieval responses and the response data comprises identifying, using machine learning, at least one evaluation result pattern relevant to the multiple objects; and wherein automatically providing the data privacy integration protocol evaluation results comprises providing the at least one evaluation result pattern relevant to the multiple objects.
  20. A system, comprising: a computing device; and a computer-readable storage device coupled to the computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations comprising: receiving, from a requester and by a data privacy integration service that integrates data privacy protocols across multiple applications in a landscape, a request to perform an integrated personal data retrieval protocol to verify results of a first data privacy integration protocol; identifying, by the data privacy integration service, response data for the results of the first data privacy integration protocol, including identifying responding applications that provided responses to the first data privacy integration protocol; sending, by the data privacy integration service, to each application of the responding applications, an integrated personal data retrieval work package that requests the application to generate a personal data export in response to the integrated personal data retrieval work package; receiving, by the data privacy integration service, from responding applications, in response to the integrated personal data retrieval work package, integrated personal data retrieval responses; automatically evaluating, by the data privacy integration service, the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to generate data privacy integration protocol evaluation results; and automatically providing, by the data privacy integration service and to the requester, the data privacy integration protocol evaluation results.
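
The comparison behind claims 1 and 14 to 17, sketched as an added Python example; it is not code from the patent or from the assignee. The `Vote` and `ExportEntry` records, the finding names, and the rule that an object is expected to be blocked only when every responding application voted that it can block it are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vote:  # response data recorded from the first protocol (hypothetical shape)
    app: str
    object_id: str
    can_block: bool

@dataclass(frozen=True)
class ExportEntry:  # one object in an application's retrieval response (hypothetical)
    app: str
    object_id: str
    blocked: bool

def evaluate(votes, exports):
    """Compare recorded votes with the blocked state each application reports."""
    by_object = {}
    for v in votes:
        by_object.setdefault(v.object_id, []).append(v)
    reported = {(e.app, e.object_id): e.blocked for e in exports}
    findings = []
    for obj, obj_votes in sorted(by_object.items()):
        # Assumed rule: blocking is expected only if every application agreed.
        expected = all(v.can_block for v in obj_votes)
        vetoes = sorted(v.app for v in obj_votes if not v.can_block)
        for v in sorted(obj_votes, key=lambda v: v.app):
            actual = reported.get((v.app, obj))
            if actual is None:
                kind = "no_retrieval_response"  # cannot be verified at all
            elif expected and not actual:
                kind = "expected_blocked_but_not_blocked"  # first inconsistency
            elif actual and not expected:
                kind = "expected_not_blocked_but_blocked"  # second inconsistency
            else:
                continue
            findings.append({"app": v.app, "object": obj, "kind": kind, "vetoed_by": vetoes})
    return findings

def suspected_misconfigurations(findings):
    """Applications whose reported state contradicts the protocol outcome."""
    return sorted({f["app"] for f in findings if f["kind"] != "no_retrieval_response"})

# Constructed sample data: two applications, two customer objects.
VOTES = [Vote("crm", "customer-1", True), Vote("billing", "customer-1", True),
         Vote("crm", "customer-2", True), Vote("billing", "customer-2", False)]
EXPORTS = [ExportEntry("crm", "customer-1", True), ExportEntry("billing", "customer-1", False),
           ExportEntry("crm", "customer-2", True), ExportEntry("billing", "customer-2", False)]
FINDINGS = evaluate(VOTES, EXPORTS)
```

The `vetoed_by` field carries the kind of explanation claim 14 describes: which application's vote kept an object from being blocked.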

Description

TECHNICAL FIELD

The present disclosure relates to computer-implemented methods, software, and systems for data privacy protocols.

BACKGROUND

Applications used for organizations can use master data (such as name and address) and transactional data (such as orders and bills). Transactional data typically references corresponding master data. For instance, a transactional object of type Order can refer to a master data object of type Customer. A given master data object can be referenced by one or more (or perhaps no) transactional objects. In some cases, data may be considered master data in one context and transactional data in another context. For example, insurance contract data may be considered transactional data with respect to a customer object but considered master data with respect to transactional insurance claim data. When an organizational landscape includes multiple systems, a master data replication process can be performed so that master data objects are consistent across systems.

SUMMARY

The present disclosure involves systems, software, and computer implemented methods for data privacy protocols.
An example method includes: receiving, from a requester and by a data privacy integration service that integrates data privacy protocols across multiple applications in a landscape, a request to perform an integrated personal data retrieval protocol to verify results of a first data privacy integration protocol; identifying, by the data privacy integration service, response data for the results of the first data privacy integration protocol, including identifying responding applications that provided responses to the first data privacy integration protocol; sending, by the data privacy integration service, to each application of the responding applications, an integrated personal data retrieval work package that requests the application to generate a personal data export in response to the integrated personal data retrieval work package; receiving, by the data privacy integration service, from responding applications, in response to the integrated personal data retrieval work package, integrated personal data retrieval responses; automatically evaluating, by the data privacy integration service, the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to generate data privacy integration protocol evaluation results; and automatically providing, by the data privacy integration service and to the requester, the data privacy integration protocol evaluation results. Implementations can include one or more of the following features. The first data privacy integration protocol can be an integrated end of purpose protocol in which a respective responding application provides a vote for an object indicating whether the respective responding application can block the object. 
The first data privacy integration protocol can be an aligned purpose disassociation protocol in which a respective responding application provides a vote for an object indicating whether the respective responding application can disassociate a purpose from the object. The integrated personal data retrieval work package can include an indicator that indicates that the integrated personal data retrieval protocol is for investigative or verification purposes. The integrated personal data retrieval work package can include an indicator that indicates that a responding application can include, in an integrated personal data retrieval response, metadata describing personal data rather than full copies of personal data. A responding application can include, in an integrated personal data retrieval response, information indicating whether exported personal data is blocked. A responding application can include, in an integrated personal data retrieval response, retention period information comprising retention period length or retention period assignment rules configured in the responding application. The data privacy integration service can send the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to an external evaluation engine external to the data privacy integration service. The data privacy integration service can receive, from the external evaluation engine, external evaluation results determined by the external evaluation engine based on evaluation of the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol. The external evaluation results can be provided to the requester. The data privacy integration service can send the integrated personal data retrieval responses and the response data for the results of the first data privacy integration protocol to the requester. 
The requester can determine requester evaluation results by evaluating the integrated personal data retrieval responses and the response data f