How does the deepeo agent intervene to anonymize and delete data when a company uses Oracle databases? Quite simply, by acting at the very heart of the database.

 

With fiscal 2023 revenue of $50 billion, 430,000 customers in 175 countries, and 164,000 employees, Oracle is one of the behemoths in the database space.

The company, founded in 1977 by Larry Ellison, has nearly 19,000 patents. It claims to be the world’s first and only autonomous database, and the industry’s largest and most comprehensive suite of cloud applications. It has 5 million registered members in customer and developer communities.

 

The deepeo agent, a resident at the heart of Oracle databases

Compatible with most database technologies on the market, deepeo version 3.0 supports the following versions of the Oracle database: Oracle 10g, 11g, 12c and 19c. As with other databases, deepeo does not require the use of custom software, nor does it require time-consuming and expensive specific development. The deepeo agent resides in each database, manipulating the data on demand.

As for the deepeo portal, it allows you to read the content of the deepeo database directly in the Oracle database where the agent is installed. Fully configurable and configurable, it also allows the DPO to take into account his internal business rules and to create tailor-made business workflows, while setting up notifications and alerts. Remote management of agents across Oracle databases provides flexibility and a centralized, real-time view of personal data in the company’s information system.

 

Oracle Databases: Tools for GDPR Compliance, but Not Enough

As a database management vendor, Oracle offers tools to ensure data protection, which is one of the key pillars of the GDPR. Its “Data Safe” offering helps reduce the risk of data breaches and non-compliance with tools to address a wide range of use cases such as encryption, key management, blackout protection, and masking.

Oracle’s solutions also enable data access control, which is a fundamental step in securing a database system by validating the identity of the user accessing the database (authentication) and controlling the operations they can perform (authorization). In addition, enforcing segregation of duties helps prevent some users from abusing their system privileges to access sensitive data, while preventing accidental or malicious changes to the database.

But for companies using Oracle solutions that want to comply with the GDPR, some operations remain very complex – or even impossible – to carry out with the tools offered by the database giant. This is particularly the case for anonymization or deletion of data. To do this, it is necessary to use external solutions such as deepeo, which intervene directly on the database. This avoids the need to develop anonymization or deletion features in each existing application, thus facilitating processing in the event that several applications use the same database.

 

Anonymization and deletion of data in Oracle databases

Deepeo supports various anonymization features, including format-preserving encryption for text fields, disruption for dates and numeric fields, and the use of picklists. Deepeo also allows you to apply data masking (reversible anonymization) or permanent anonymization (non-reversible) to adapt to needs and different use cases.

The deletion of the data, triggered according to the rules established by the portal and the deepeo configuration, makes it possible to permanently delete sensitive data from the information system. A massive data purge is possible. It comes into play when a very large data store requires mass deletion of this data. The agent has a massive deletion feature that allows for this. This preserves the performance of the system.

The deepeo agent identifies, deletes and anonymizes data directly at the heart of the database by referring to the data retention policy and ensuring the possibility of reversing the changes made. It is configured to store relationships between data and thus comply with the company’s retention policy. Thus, and automatically, the commands necessary to perform the data correction are generated and executed by the solution.

 

A method that respects business rules

The deepeo agent method is very simple: it processes the data by applying business rules to PII (Personally Identifiable Information) data, allowing it to identify all the elements that comply with the rule. This is usually done on a weekly basis. A PII can be a customer, an account, or a transaction, but deepeo can also process any type of data from the moment the rules are configured.

By operating in this way, the deepeo software solution reduces the time and monetary cost of a data processing policy, as well as the risk inherent in storing it.

To go further, find out how our deepeo software solution can help you with its features

Data Deletion

Deletes all data for any data subject you no longer have a business or legal reason to hold.

Data Anonymiser

Perform the same operations as the data deletion, but anonymise a data subject’s data as opposed to deleting it.

 

Stay tuned, take another step towards data management by subscribing to our newsletter!