How does Coupa apply retention periods related to personal data in the system?
All objects in the Coupa database, which also includes where personal data might be stored by customers, have REST APIs and loaders (CSV via UI or SFTP) where the customer can clear out any fields they'd like. Both master data (for example, user profiles) and transactional data can be managed via REST APIs and loaders where a customer admin user can clear out or scramble data fields based on the selected criteria. The customer admin can apply these changes at any time.
To further illustrate the application of these admin tools, let’s review how a single user profile record can be managed. A Coupa user profile relies upon a minimum of two supplied data points: a user name and a user email address. Behind the scenes, a Coupa generated User ID serves as the primary key used in every transaction stored in the database. If personal data is used to create the user profile, then deleting such data from Coupa simply requires overwriting the name and email address with non-personal data. This can be achieved through the user interface by editing the user profile with admin rights.
User Details for Sam Gold are like this in the master data.
Accordingly, every single purchase request entered by Sam Gold mentions his name as the requester in the transactional data record:
Once the Admin changes Sam Gold’s name to “Deleted 1 Deleted 1”, the requester detail in every purchase request in the transactional data set will be updated.
In addition to the user interface (UI) option, the same operation can be performed in bulk using the following tools:
The following step-by-step approach serves as an example.
A step-by-step approach
Coupa offers several options to deal with users and automate the process of overwriting their (personal) data.
The process is highlighted by 3 steps:
- Step 1: Extract the data
- Extract from Coupa the users you want to purge by creating a custom report
- Extract from Coupa every user and apply some logic on the export file to filter out users
- Step 2: Edit the CSV file and overwrite the personal data
- Step 3: Upload the modified CSV file in order to overwrite the data into Coupa
Step 1: Extract the data
a) Extract from Coupa the users you want to purge by creating a custom report
Custom reports can be defined for any object, and more specifically on users. This is a convenient way to extract a subset of data out of Coupa. You can define as many criteria as you want and filter out users accordingly, but also select the user properties to be extracted. In the screenshot below, you may choose to use “Last Login Date” and “Active” as criteria to determine who you want to target for your management and retention policy. Perhaps users who have not logged in last year and have also been marked inactive fall into this category.
You then define when you want to generate this report and its format. In our case, this report creates a CSV file made available on the SFTP server every Monday. As an option, you can request the CSV file to be sent by mail.
b) Extract from Coupa every user and apply some logic on the export file to filter out users
If you need to apply a more sophisticated logic to filter out users, you can always export every single user created into Coupa. Standard integrations available under the integrations menu provide export reports for any object in Coupa
The Coupa User File Export generates a CSV export containing every user and all of his properties. Both options generate a CSV flat file.
Step 2: Edit the CSV file and overwrite the personal data
After downloading the CSV file locally, you have to edit it with the file editor of your choice and overwrite the personal data, but do not modify the Login ID since this field is the primary key.
Step 3: Upload the modified CSV file in order to overwrite the data into Coupa
Connect to fileshare.coupa.com using an SFTP client and your credentials, upload the CSV file you’ve just modified using an SFTP client under /Incoming/Users.
This file will be processed automatically by Coupa and your users are updated according to the new set of data you've just entered.
As a reminder, these are examples of how User Profile master data can be managed, but all master data in Coupa behaves the same way.
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice and does not discuss other privacy-related laws or regulations that may also be relevant to our customers and prospects, including any industry-specific requirements. The relevant privacy and data protection laws and regulations applicable to individual companies will depend on several factors, including but not limited to where a company conducts its business, the industry in which it operates, the type of content it wishes to store, where or from whom the content originates, and where the content will be stored.
Tags recommended by the template: article:topic