Addressing data privacy requests in BMC Helix Business Workflows
BMC Helix Business Workflows provides a capability that help administrators to address the personal data protection and privacy requirements that are associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).
This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection_en. Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Helix Business Workflows product can help customers meet some requirements of the GDPR.
For more information about how BMC solutions can help achieve the requirements of GDPR, see https://www.bmc.com/it-solutions/gdpr-compliance.html.
Personal data in BMC Helix Business Workflows
BMC Helix Business Workflows stores users' personal data in the People records in the foundation data, and in the cases or tasks created by or for an employee. People records can include sensitive personal information like name, employee ID, phone numbers, email address, picture, office address (location), and home address.
Product usage analytics does not collect personal information and individuals are not identified when tracking data. All data is anonymized — However, companies can be identified.
Capabilities for handling personal data
An administrator can perform multiple operations including lookup for personal data stored in BMC Helix Business Workflows, provide users with their personal data in a safe way, and replace users' personal data permanently. These operations must be performed in the production environment and you chose to move the data from production into development and QA systems, then you need to perform the operations again for each additional environment.
These operations enable the administrator to:
- Fulfil a user's search request for personal data.
- Replace personal data.
Fulfilling a search request
By using the BMC Helix Platform utility, the administrator can search for users' personal data that is available in BMC Helix Business Workflows. The search operation is performed on structured and unstructured data.
To enable search operation for structured data, for example, JSON and HTML, BMC SaaS Operations must configure the content-definition setting by providing the following value:
If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object).
The search operation requires you to enter a field label and the value to search for within that field. Search is based on the sensitive person data in the system like name, employee ID, phone numbers, email address, picture, office address (location), and home address.
Data stored in the following components cannot be searched or replaced:
- Attachments stored along with records instances
- Process definitions
- Localized strings
The search results display person records and ticket data for the searched value. If you want to share the search results, you can download them to a .csv file.
For more information about searching for person data, see .
Replacing data for BMC Helix Business Workflows includes replacing existing information. This activity does not permanently delete the data, however, it is replaced with a non-readable information permanently. Data that is not marked for replacement is not lost, so any related information like cases, is still available in the system and is displayed in the reporting data.
Data should be replaced only in cases where the employees or end users are no longer in a business relationship to ensure that BMC Helix Business Workflows continues to work as expected. Once data is replaced, the user or end user can no longer work with BMC Helix Business Workflows. For example, if an employee quits the organization, they can no longer call and request to create a case on their behalf. However, other data like the cases they worked on is still available in search results and reporting data.
For example, when you replace data for a user in BMC Helix Business Workflows, information related to the user's case is not lost. replaced data values are not readable in the records. This ensures that any information required for reporting purposes, or managing cases is unaffected.
To replace the data, as an administrator, you must perform the following operations in the sequence listed:
For more information about replacing users' personal data, see in the BMC Helix Platform documentation.