Traversing the pinnable hierarchy for personal data purge

To identify entities that can be purged, PolicyCenter makes multiple passes through the pinnable hierarchy. PolicyCenter establishes the initial purge graph and then handles both the disposition of each node, like MUST_NOT_DESTROY, and any Do Not Destroy flags. Based on these passes through the pinnable hierarchy, PolicyCenter can perform a partial purge if necessary and maintain data integrity.

In general, the steps involve:

1. Starting with the root of the purge request, form a graph by traversing up and down the pinnable hierarchy.

   See Discovering the entity purge graph.

2. Compute disposition of the root node and all descendants of the root. Exclude entities marked MUST_NOT_DESTROY and their ancestors.

   See Traversing the purge tree to determine disposition.

3. Exclude all ancestors of archived policy periods that are descendants of the root.

   See Traversing the purge tree to determine archived policy periods.

4. Propagate the Do Not Destroy flag of any entity discovered while building the initial graph.

   See Propagating the Do Not Destroy flag.

5. Purge entities that remain purgeable.

   See Purging eligible entities.

6. Report conflicts to the Data Protection Officer. For example, an entity that is marked MUST_DESTROY is not purgeable because it has a descendant with Do Not Destroy flag that is set.

   See Reporting purge tree conflicts.

See also

• Pinnable hierarchy in PolicyCenter
• PersonalDataPurgeTree