
Flow Name: Execute GDPR Privacy Action

Last Updated: 2025-08-20
Source Code: Execute_GDPR_Privacy_Action.flow-meta.xml

API Name: Execute_GDPR_Privacy_Action
Status: Active
Type: Custom
Trigger: Screen Flow (User-initiated)

Business Purpose

This flow implements GDPR compliance by providing a controlled process to anonymize customer personal data. It validates business prerequisites before allowing anonymization, ensures proper user consent through confirmation screens, and initiates the anonymization process through platform events while maintaining data integrity and regulatory compliance.

Process Flow

  1. Subscription Validation: Check for active subscriptions that prevent anonymization
  2. Committee Membership Check: Verify if user is an active committee member
  3. Order Status Validation: Check for incomplete orders
  4. Account Data Lookup: Get account details including auto-renewal settings
  5. Auto-Renewal Check: Validate if auto-renewal is enabled
  6. Portal User Validation: Confirm account is a customer portal user
  7. Business Rule Enforcement: Block anonymization if any blocking conditions exist
  8. User Confirmation: Display appropriate warning/confirmation screens
  9. User Record Validation: Check if user already anonymized or exists
  10. Anonymization Preparation: Set GDPR flag and deactivate user
  11. Platform Event: Trigger anonymization process via User_Anonymization__e event
Process Flow Diagram
flowchart TD
    Start([Start: Screen Flow (User-initiated)]) --> Screen[Display Screen:<br/>User Input Required]

    Screen --> UserInput[User Enters Data]
    UserInput --> Process[Process Input]
    Process --> Action[Execute Action]
    Action --> End([End])

    style Start fill:#e1f5ff
    style Screen fill:#fff4e1
    style UserInput fill:#e1ffe1
    style Process fill:#ffe1e1
    style Action fill:#ffe1e1
    style End fill:#e1f5ff

Key Business Rules

Blocking Conditions (prevent anonymization):

  • Active subscriptions (Status = "Active")
  • Active committee memberships
  • Incomplete orders (Status not "Activated" or "Cancelled")
  • Active auto-renewal settings (Auto_Renew__c = true)
  • Non-customer portal users (IsCustomerPortal = false)

Anonymization Process:

  • Sets Apply_Privacy_Request_GDPR__c = true on User
  • Deactivates user (IsActive = false)
  • Creates platform event with hardcoded User_Id__c = "000000000000777"
  • Only processes if recordId is provided and User exists
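The blocking rules and the anonymization preparation steps above, as an added example that is not part of the flow or this page. It is written in Python rather than as Flow metadata so the rule logic can be run and checked outside the org. It also folds in two items from the Pre-Go-Live list: a Person Account check, and building the User_Anonymization__e User_Id__c value from the actual User record instead of the constant "000000000000777". Field names follow the Dependencies list; the Committee_member__c `is_active` attribute, the record Ids, and the `confirmed` flag standing in for the confirmation screens are assumptions made for the example.

```python
"""Rule engine mirroring the Execute GDPR Privacy Action flow (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Value the page reports as hardcoded into User_Anonymization__e.User_Id__c.
# Kept only so the corrected path can be checked against it.
HARDCODED_PLACEHOLDER_ID = "000000000000777"

# Orders in any other status count as incomplete and block anonymization.
COMPLETE_ORDER_STATUSES = {"Activated", "Cancelled"}


@dataclass
class Account:
    Id: str
    IsCustomerPortal: bool
    Auto_Renew__c: bool
    PersonContactId: Optional[str]  # None means not a Person Account


@dataclass
class Subscription:  # Subscription__c
    Status__c: str


@dataclass
class CommitteeMember:  # Committee_member__c; 'is_active' is an assumed attribute
    is_active: bool


@dataclass
class Order:
    Status: str


@dataclass
class User:
    Id: str
    IsActive: bool
    Apply_Privacy_Request_GDPR__c: bool


class AnonymizationBlocked(Exception):
    """Raised when a business rule or validation step stops the process."""


def blocking_reasons(account: Account, subscriptions: List[Subscription],
                     memberships: List[CommitteeMember], orders: List[Order]) -> List[str]:
    """Evaluate every blocking condition and report all that apply (steps 1-7)."""
    reasons: List[str] = []
    if any(s.Status__c == "Active" for s in subscriptions):
        reasons.append("active subscription")
    if any(m.is_active for m in memberships):
        reasons.append("active committee membership")
    if any(o.Status not in COMPLETE_ORDER_STATUSES for o in orders):
        reasons.append("incomplete order")
    if account.Auto_Renew__c:
        reasons.append("auto-renewal enabled")
    if not account.IsCustomerPortal:
        reasons.append("not a customer portal user")
    if account.PersonContactId is None:  # check the Pre-Go-Live list asks for
        reasons.append("not a Person Account")
    return reasons


def prepare_anonymization(user: Optional[User], account: Account,
                          subscriptions: List[Subscription],
                          memberships: List[CommitteeMember], orders: List[Order],
                          confirmed: bool) -> Dict[str, str]:
    """Steps 8-11: confirm, validate the User, set the GDPR flag, deactivate,
    and return the platform event payload carrying the real User Id."""
    reasons = blocking_reasons(account, subscriptions, memberships, orders)
    if reasons:
        raise AnonymizationBlocked("; ".join(reasons))
    if not confirmed:
        raise AnonymizationBlocked("user did not confirm on the warning screen")
    if user is None:
        raise AnonymizationBlocked("no User record found for the account")
    if user.Apply_Privacy_Request_GDPR__c:
        raise AnonymizationBlocked("user already flagged for anonymization")

    user.Apply_Privacy_Request_GDPR__c = True
    user.IsActive = False

    event = {"User_Id__c": user.Id}  # taken from the record, never a constant
    if event["User_Id__c"] == HARDCODED_PLACEHOLDER_ID:
        raise AnonymizationBlocked("refusing to publish the placeholder User Id")
    return event


if __name__ == "__main__":
    # Constructed sample records (Ids are not real Salesforce Ids).
    acct = Account("001CONSTRUCTED0001", True, False, "003CONSTRUCTED0001")
    usr = User("005CONSTRUCTED0001", True, False)
    print(prepare_anonymization(usr, acct, [Subscription("Cancelled")], [],
                                [Order("Activated")], confirmed=True))
```

The function returns every blocking reason at once rather than stopping at the first, which makes the warning screen and any audit log more informative than a single boolean.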

Dependencies

  • Account object with Auto_Renew__c, IsCustomerPortal fields
  • User object with Apply_Privacy_Request_GDPR__c field
  • Subscription__c object with Status__c field
  • Committee_member__c object
  • Order object with Status field
  • Platform Event: User_Anonymization__e
  • Person Account functionality (PersonContactId)

Changes

No specific pull request or change notes documented in the flow metadata.

⚠️ Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • Hardcoded Platform Event Field: User_Id__c hardcoded to "000000000000777" - this breaks the anonymization process
  • No Validation of Account Type: Doesn't verify account is Person Account before proceeding
  • Missing Error Handling: No fault paths for platform event creation failure
  • Data Integrity Risk: Could anonymize wrong user due to hardcoded platform event field

HIGH - Address Soon After Go-Live

  • Incomplete Business Logic: No validation of related data (contacts, cases, opportunities) that may need anonymization
  • Platform Event Reliability: No confirmation that anonymization platform event processes successfully
  • User Communication: No email notification to user that anonymization is complete
  • Audit Requirements: Limited audit trail for GDPR compliance reporting

MEDIUM - Future Enhancement

  • Configurable Blocking Rules: Business rules are hardcoded - consider making configurable
  • Related Record Handling: No consideration of other related records that may contain PII
  • Partial Anonymization: No option for selective field anonymization
  • Rollback Mechanism: No way to reverse anonymization if done in error (though this may be intentional)

LOW - Monitor

  • Screen Text Maintenance: Multiple hardcoded warning messages in screens
  • Variable Naming: Some variables have typos (isActiveAutorenewal, anonimized)
  • Flow Performance: Multiple SOQL queries could impact performance

Maintenance Notes

This is a CRITICAL, HIGH COMPLEXITY flow that handles GDPR data privacy compliance. Any issues with this flow could result in:

  • Regulatory compliance violations
  • Incomplete data anonymization
  • Business process disruption
  • Legal liability

Security Considerations:

  • Controls access to data anonymization capabilities
  • Implements business rule validation before data destruction
  • Creates permanent, irreversible changes to customer data
  • Must comply with GDPR "right to be forgotten" requirements

Compliance Considerations:

  • Must maintain audit trail for regulatory reporting
  • Process must be reliable and complete
  • User consent must be properly documented
  • Related personal data must be handled appropriately

Recommended Review Schedule:

  • Before any GDPR-related system changes
  • Quarterly review with legal/compliance team
  • Before any related object structure changes
  • Annual compliance audit

Critical Dependencies: Platform event processing reliability, User_Anonymization__e event handler functionality, related anonymization flows