Customer data security is paramount. The following information outlines some of the ways that customer data is protected in Data Product Hub and what you are expected to do to help in these efforts.
- Customer responsibility
- IBM's commitment to GDPR
- GDPR statement that applies to log files
- Secure deletion from the Data Product Hub service
Customer responsibility
Customers are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation (GDPR). Customers are solely responsible for obtaining the advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that might affect the customer's business. They are responsible for any actions that are necessary to comply with such laws and regulations. The products, services, and other capabilities that are described here are not suitable for all customer situations and might have restricted availability. IBM does not provide legal, accounting, or auditing advice or represent or warrant that its services or products ensure that customers are in compliance with any law or regulation.
IBM's commitment to GDPR
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey.
GDPR statement that applies to log files
Pay close attention to data privacy principles when you select a data product. Processing of PI is governed by vigorous legal requirements and is only allowed if it is based on an explicit legal basis. These regulations mandate that PI is processed only for the purpose for which it was collected. No other processing in a manner that is incompatible with this initial purpose is permissible. For these and other constrains these regulations place on your use of PI, we highly recommend that you do not use "real" PI in your data product unless it is allowed or permissible. You may substitute real PI using test data that is available on the public sphere.
Secure deletion
Data Product Hub does not directly store any personally identifiable information and data. All customer data is stored in customer-managed storage.
However, anyone that has personally identifiable information and data (PII) stored as part of using the Data Product Hub service, has the right to obtain erasure of that data from the controller without undue delay. The controller has the obligation to erase personal data without undue delay where one of the following conditions exists:
- There is PII data that is stored in the Data Product Hub service
- User email address and full name are stored as metadata related to the Data Product Hub repository assets.
- User provided service credentials.
Repository asset content can be securely deleted by performing one of the methods for permanently deleting personal data.
Options for permanently deleting personal data
To delete personal data permanently, remove the entire Data Product Hub service instance from IBM Cloud. This is possible by sending a deprovisioning request through various channels, such as the IBM Cloud UI, CLI, or REST API.
For the Data Product Hub service, personally identifiable information and data are removed completely from all data sources, including backups, after 30 days.
Learn more
Parent topic: General administration for Data Product Hub