Integrations in Ethyca build a complete picture of where your users' personal data resides. Integrations are key to building a compliant data map and fulfilling automated data subject requests, acting like a bridge to connect with 3rd party applications.
Ethyca partners with different 3rd party SaaS integrations to help automate the data subject request process across your data systems. We typically integrate with API endpoints that will return and delete all data associated with a subject. If an API connection is not available, we also have the ability to send automated emails to your partners to ensure subject erasures are being processed on your behalf. Each support article in our Data Integration Library includes detailed steps for configuring your integration for the retrieval and erasure of data.
When setting up a Data Integration in Ethyca there will be two key sections to complete:
- Connection Details
- Configures the inputs necessary to connect your Integration (e.g. API key, username, admin token, etc.)
- Determines if this Integration supports manual or automated data subject processing
- Advanced Settings - Data Mapping
- Provides the required fields for building your compliant data map
- Links back to the business purpose for collecting personal data
For your organization to be fully configured and privacy-compliant, you'll need to integrate each one of your business's Data Integrations with Ethyca.
To connect an Integration, you will want to go Integrations in the Control Panel and follow the steps below:
Step 1) Select the blue ➕ icon to set up your first connection.
Step 2) Select an Integration from our Integrations Library by typing any name into the Search Bar.
If we don't have the Integration available for automation, simply type the system into the Search field and click the link to "create a custom integration". More information on adding a manual integration to your data map can be found here.
Step 3) Add the Connection Details required for the selected Integration.
Each 3rd party system has a dedicated article containing an implementation summary and setup guide. You can find all of the setup instructions in the left navigation or search for your integration.
If you are adding a Mail Drop or Manual Integration, no Connection Settings are required.
Data mapping is the process of inventorying the personal data in your business systems. Keeping an up to date data map is vital for staying in compliance with GDPR's Article 30 Record of Processing Activities (RoPA) and CCPA's personally identifiable information disclosure.
All the information added in the Data Mapping section will be ready for export in your Ethyca Data Map.
A breakdown of each field can be found below:
|Purpose of Processing||Description for why you use this software system. Example: SMS Marketing or Customer Service|
|Retention Period||How long data is data stored in that system? Note that this is for documentation purposes only. Ethyca does not carry out activities related to managing your retention period. Example: 90 days, 6 months, 12 months, never etc.|
|Subject Types||Select whose information flows through this system: Employee or Customer. Example: Employee data will flow through an HR system, whereas only customer data will flow through a CDP system.|
|Recipient Types||Select who has access to the data in this Integration: Internal or External Example: If all the data is only accessible by your company's employees, select "internal". If any part of the data in this Integration is shared with a 3rd party for any reason - e.g., payment PII being shared with credit agencies - select "external".|
|Recipients in other countries||What other countries receive this data? Select all countries where other parties will access this data. Example: United States, Canada, Ireland|
Lastly, don't forget to link back to your Data Use Cases! As a reminder, a Data Use Case is a business purpose for which data is collected, transformed, processed, or stored. Ethyca builds your data map by getting all your Data Use Cases in a row and figuring out how they link together through your connected systems.
For example, if you use Stripe for both customer support and payment processing, you'll want to check off multiple use cases, as seen in the screenshot above.
In order to see and link Data Use Cases in your Data Integrations, you first must add Data Use Cases in the Data Use Case Digest. For more detail on how to create a Data Use Cases, you can review this support article on How to Create a Data Use Case in Ethyca.
It's vital to test your new Data Integration to ensure that it's properly connecting into your tech stack. If the Integration passes the connection test, you can proceed with configuring additional Integrations, and also kick off a test subject request!
If the Integration failsthe connection test, we recommend reviewing the set up instructions to ensure the proper credentials are configured.
Once your connection is passed, you can go ahead and edit your data Integration by clicking the pencil icon to the right of the Connection Test. When you are in edit mode, you can review your Connection details, configure your DSR Customization, and complete your Data Mapping.
DSR Customization is where you can customize what your customers see in the download package. You can define what is returned to your subjects, how to label that information for clarity, and what data to erase.
Selecting "User Can Download" will ensure the data category will be including in the download package. Selecting "User Can Erase" will ensure data is deleted from the 3rd party system. If there is no checkbox available, that means there is no API endpoint available for access or deletion.
As you go through the the DSR customization workflow, make sure to open each folder to capture all the PII available.
For more information on what the final DSR download package will look like, check out our support article here.
Once you have completed the DSR Customization exercise and reviewed your Data Mapping details, click SAVE, and you are all set!
Ethyca presently offers Data Integrations for about 80 commonly-used SaaS applications. If you don't see one you're looking for, email us at [email protected].
Updated about a month ago