How should a Data Vault Satellite table containing Personal Identifying Information (PII) handle a GDPR request from a Customer executing their right to erasure. I've posted Article 17 Right to Erasure below. The full Article is at https://gdpr-info.eu/art-17-gdpr/.
I have an idea but haven't had a chance to implement GDPR in a Data Vault yet:
- Ensure Customer Satellites are split across PII fields and non-PII fields.
- Delete all records from each PII satellite for that Customer Business key.
- Insert a Ghost record into each PII satellite where that Customer existed using that Customer's Business Key.
- Use the Ghost records in the Presentation Layer Marts to publish their non-PII data and report that they are an Erased/Forgotten customer.
Art. 17 GDPR
Right to erasure (‘right to be forgotten’)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: