Addressing data privacy requests in BMC Helix Business Workflows

BMC Helix Business Workflows provides a capability that helps administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).

Note

This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection_en. Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Helix Business Workflows product can help customers meet some requirements of the GDPR.

For more information about how BMC solutions can help achieve the requirements of GDPR, see https://www.bmc.com/it-solutions/gdpr-compliance.html.


Personal data in BMC Helix Business Workflows

BMC Helix Business Workflows stores users' personal data in the People records in the foundation data, and in the cases or tasks created by or for an employee. People records can include sensitive personal information like name, employee ID, phone numbers, email address, picture, office address (location), and home address. 

Product usage analytics does not collect personal information, and individuals are not identified when tracking data. All data is anonymized; however, companies can be identified.

Capabilities for handling personal data

An administrator can perform multiple operations, including looking up personal data stored in BMC Helix Business Workflows, providing users with their personal data in a safe way, and replacing users' personal data permanently. These operations must be performed in the production environment. If you choose to move the data from production into development and QA systems, you need to perform the operations again for each additional environment.


These operations enable the administrator to:

  • Fulfil a user's search request for personal data.
  • Replace personal data.

Fulfilling a search request

By using the BMC Helix Innovation Suite utility, the administrator can search for users' personal data that is available in BMC Helix Business Workflows. The search operation is performed on structured and unstructured data.

To enable the search operation for structured data (for example, JSON and HTML), BMC SaaS Operations must configure the content-definition setting by providing the following value:

{"formName":"<name>","fieldName":"<field>","fieldFormat":"<JSON>/<HTML>/<TEXT>"}

If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object).

The search operation requires you to enter a field label and the value to search for within that field. Search is based on the sensitive person data in the system like name, employee ID, phone numbers, email address, picture, office address (location), and home address. 

Note

Data stored in the following components cannot be searched or replaced:

  • Attachments stored along with record instances
  • Process definitions
  • Localized strings

The search results display person records and ticket data for the searched value. If you want to share the search results, you can download them to a .csv file. 

For more information about searching for person data, see Addressing data privacy requests.

Replacing data

Replacing data for BMC Helix Business Workflows includes replacing existing information. This activity does not permanently delete the data; however, the data is permanently replaced with non-readable information. Data that is not marked for replacement is not lost, so any related information, like cases, is still available in the system and is displayed in the reporting data.

Data should be replaced only in cases where the employees or end users are no longer in a business relationship, to ensure that BMC Helix Business Workflows continues to work as expected. Once data is replaced, the user or end user can no longer work with BMC Helix Business Workflows. For example, if an employee quits the organization, they can no longer call and request to create a case on their behalf. However, other data, like the cases they worked on, is still available in search results and reporting data.

For example, when you replace data for a user in BMC Helix Business Workflows, information related to the user's case is not lost. Replaced data values are not readable in the records. This ensures that any information required for reporting purposes or for managing cases is unaffected.

To replace the data, as an administrator, you must perform the following operations in the sequence listed:


1. Search and Replace

Use this operation to search for the required data.

If you want to replace the data with a specific value, enter the value in the Replace field of the Search and Replace screen. If the Replace field is left blank, data is replaced with the field GUID. For more information about searching for data, see Fulfilling a search request.

When the search is complete, open the search record and review the results to decide what data to replace.

2. Ignore

Use this operation to select the data records that you do not want to replace.

To retain the data in a record displayed in the search result, you need to enable the Ignore flag in that record. You need to do this for each record for which you do not want to replace the data.

3. Replace

Use this operation to replace the data.

The replace operation is performed only on the fields with datatype Text and CLOB.
When you select records, you must consider replacing the following data:

  • Data combinations that could indirectly reveal a user's identity.
  • Any custom fields added that may contain sensitive data.

4. Search and Replace

Run the search operation to validate the replace actions.

Perform a fresh search for the details that have been replaced to ensure that the data has been successfully replaced. Alternatively, you can rerun your original search to verify that any data that was to be replaced is no longer displayed in the search results.


For more information about replacing users' personal data, see Addressing data privacy requests in the BMC Helix Innovation Studio documentation.
