
Flow Name: User Data Anonymization

Last Updated: 2025-06-05
Source Code: User_Data_Anonymization.flow-meta.xml

API Name: User_Data_Anonymization
Status: Active
Type: Custom
Trigger: After Save - User Record Update

Business Purpose

This flow executes the actual user data anonymization process as part of GDPR compliance. When a User record is updated with the GDPR anonymization flag and deactivated, this flow calls an Apex class to obfuscate the User data and creates a platform event to trigger anonymization of related Contact and Account records.

Process Flow

  1. Trigger Conditions: Flow executes when ALL conditions are met:
     • Apply_Privacy_Request_GDPR__c = true (GDPR flag set)
     • ContactId is not null (external/portal user)
     • IsActive field changed (typically to false)
     • IsActive = false (user deactivated)
  2. User Obfuscation: Calls UserObfuscator Apex class to anonymize User record fields
  3. Platform Event Creation: Creates User_Anonymization__e event with:
     • Contact_Id__c = User's ContactId
     • User_Id__c = User's Id
Process Flow Diagram (Mermaid)

flowchart TD
    Start([Start: After Save - User Record Update]) --> Conditions{"Apply_Privacy_Request_GDPR__c = true<br/>AND ContactId is not null<br/>AND IsActive changed to false?"}
    Conditions -- No --> End([End])
    Conditions -- Yes --> Obfuscate["Apex Action: UserObfuscator<br/>anonymize User record fields"]
    Obfuscate --> Event["Create Platform Event: User_Anonymization__e<br/>Contact_Id__c = User.ContactId<br/>User_Id__c = User.Id"]
    Event --> End

    style Start fill:#e1f5ff
    style Conditions fill:#fff4e1
    style Obfuscate fill:#ffe1e1
    style Event fill:#ffe1e1
    style End fill:#e1f5ff

Key Business Rules

  • Only processes external users (Users with ContactId)
  • Only triggers when GDPR flag is set AND user is deactivated in the same transaction
  • Requires IsActive field to change (ensures this runs only when user is being deactivated)
  • Uses CurrentTransaction model for immediate processing
  • Anonymizes User data before creating platform event for related records

Dependencies

  • User object with Apply_Privacy_Request_GDPR__c and ContactId fields
  • UserObfuscator Apex class for User data anonymization
  • Platform Event: User_Anonymization__e
  • Related platform event handlers for Contact/Account anonymization

Changes

PR-29947: Flow created to anonymize users with contactId != null and create User Anonymization platform event

⚠️ Pre-Go-Live Concerns

CRITICAL - Fix Before Go-Live

  • Apex Class Dependency: Complete reliance on UserObfuscator Apex class - no validation it exists or works correctly
  • Missing Error Handling: No fault paths for Apex action failure or platform event creation failure
  • Transaction Boundary: Uses CurrentTransaction - if platform event fails, User anonymization could be rolled back
  • No Validation: No checks that User data was actually anonymized by Apex class

HIGH - Address Soon After Go-Live

  • Platform Event Reliability: No confirmation that User_Anonymization__e event processes successfully
  • Audit Trail: Limited logging of anonymization execution and success/failure
  • Related Data Completeness: No validation that all related personal data gets anonymized
  • Bulk Processing: No consideration for bulk anonymization scenarios
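The Platform Event Reliability, Audit Trail and Bulk Processing concerns above all land on the subscriber side of User_Anonymization__e. The following is an added example of such a subscriber, not code from this project or its related Contact/Account anonymization flows: it consumes Contact_Id__c and User_Id__c from each event in bulk, anonymizes the related Contact, writes one audit row per event, and sets a resume checkpoint so a retried trigger does not re-deliver an already processed batch. The trigger name, the Contact field mapping, and the Anonymization_Log__c object with its User_Id__c, Contact_Id__c, Status__c and Message__c fields are assumptions for illustration.

```apex
// Added example (not the project's code). Assumes a custom object
// Anonymization_Log__c (User_Id__c, Contact_Id__c, Status__c, Message__c)
// and an illustrative Contact field mapping; adjust both to the org.
trigger UserAnonymizationSubscriber on User_Anonymization__e (after insert) {
    // Collect Contact Ids from the batch (the flow only fires when ContactId != null)
    Set<Id> contactIds = new Set<Id>();
    for (User_Anonymization__e evt : Trigger.new) {
        if (evt.Contact_Id__c != null) contactIds.add(evt.Contact_Id__c);
    }
    Map<Id, Contact> contactsById = new Map<Id, Contact>(
        [SELECT Id FROM Contact WHERE Id IN :contactIds]);

    // Overwrite direct identifiers with placeholders (assumed mapping)
    List<Contact> toUpdate = new List<Contact>();
    for (Contact c : contactsById.values()) {
        c.FirstName = null;
        c.LastName = 'Anonymized';
        c.Email = null;
        c.Phone = null;
        c.MobilePhone = null;
        toUpdate.add(c);
    }
    // allOrNone = false: one bad record neither rolls back the rest nor loses the audit rows
    Map<Id, String> errorsByContact = new Map<Id, String>();
    List<Database.SaveResult> results = Database.update(toUpdate, false);
    for (Integer i = 0; i < results.size(); i++) {
        if (!results[i].isSuccess()) {
            errorsByContact.put(toUpdate[i].Id, results[i].getErrors()[0].getMessage());
        }
    }

    // One audit row per event so every User_Id__c / Contact_Id__c pair has a recorded outcome
    List<Anonymization_Log__c> logs = new List<Anonymization_Log__c>();
    String lastReplayId;
    for (User_Anonymization__e evt : Trigger.new) {
        String status = 'Success';
        String message;
        if (evt.Contact_Id__c == null || !contactsById.containsKey(evt.Contact_Id__c)) {
            status = 'Skipped'; message = 'Contact not found';
        } else if (errorsByContact.containsKey(evt.Contact_Id__c)) {
            status = 'Failed'; message = errorsByContact.get(evt.Contact_Id__c);
        }
        logs.add(new Anonymization_Log__c(User_Id__c = evt.User_Id__c,
            Contact_Id__c = evt.Contact_Id__c, Status__c = status, Message__c = message));
        lastReplayId = evt.ReplayId;
    }
    insert logs;
    // Checkpoint after the last event: a retried trigger resumes here instead of re-delivering this batch
    if (lastReplayId != null) {
        EventBus.TriggerContext.currentContext().setResumeCheckpoint(lastReplayId);
    }
}
```

Rows with Status__c = 'Failed' or 'Skipped' are what a follow-up job or the quarterly compliance review would query to confirm that every flagged User actually had its related data anonymized.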

MEDIUM - Future Enhancement

  • Success Verification: Add verification that UserObfuscator successfully anonymized data
  • Error Handling: Implement fault paths with appropriate error messaging
  • Monitoring: Add logging/monitoring for anonymization process execution
  • Configuration: Consider making anonymization rules configurable

LOW - Monitor

  • Variable Usage: userContactId variable defined but not used
  • Flow Simplicity: Very simple flow - could be expanded with more validation
  • Performance: Monitor Apex class performance during anonymization

Maintenance Notes

This is a CRITICAL, MEDIUM COMPLEXITY flow that executes the core GDPR anonymization functionality. This flow is the final step in the anonymization process and directly impacts:

  • Legal compliance with GDPR requirements
  • Customer data protection
  • Regulatory audit requirements

Security Considerations:

  • Processes actual personal data anonymization
  • Irreversible data changes
  • Must ensure complete anonymization of all personal data
  • Critical for regulatory compliance

Data Integrity Considerations:

  • User data anonymization happens before related record anonymization
  • Platform event must succeed to anonymize related Contact/Account data
  • Transaction boundary could impact data consistency

Performance Considerations:

  • Apex class execution within flow transaction
  • Platform event creation in same transaction
  • Must handle User records efficiently

Recommended Review Schedule:

  • Before any User object changes
  • Before anonymization-related Apex class changes
  • Quarterly compliance review with legal team
  • Before any GDPR process modifications

Critical Dependencies:

  • UserObfuscator Apex class functionality
  • User_Anonymization__e platform event processing
  • Related anonymization flows that handle Contact/Account data

Testing Requirements:

  • Must test complete end-to-end anonymization process
  • Verify all personal data is actually anonymized
  • Test platform event processing reliability
  • Validate audit trail completeness