Addressing GDPR data privacy requests

The FootPrints product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).

Note

This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at https://ec.europa.eu/info/law/law-topic/data-protection_en. Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the FootPrints product can help customers meet some requirements of the GDPR. For more information about how BMC solutions can help achieve the requirements of the GDPR, see https://www.bmc.com/it-solutions/gdpr-compliance.html.

To comply with the GDPR requirements, you might need to perform the following actions:

Locating personal data

Perform the following steps to locate a customer's personal data:

  1. Create a unique customer identifier that you can use to search for their personal data. We recommend that you use their email address or userID.
  2. Perform a quick search of the address books for all contact records associated with the customer by using the unique identifier. For more information, see Searching and Reporting in FootPrints User Guide.
    If you don't have a unique identifier, perform a manual search of each contact record.
  3. Perform a quick search for all tickets associated with the customer, by using the unique identifier or the following information:
    • Name
    • Phone number
    • Organization
  • For more information, see Searching and Reporting in FootPrints User Guide.
  • If you don't have a unique identifier or other the other information about the customer, perform a manual search of each ticket.

After you have located the customer's personal data, you can export it as follows:

  1. Create a saved search based on the quick search results.
  2. From Service Analytics, build a report and export it in XLSX or PDF format. For more information, see Configure Reporting in FootPrints Administrator's Guide.

To check if you hold a customer log-in credential for FootPrints, navigate to Administration > Users, and use the unique identifier in the User name or Name columns to filter the list.

Deleting and purging personal data

After locating a customer's personal data in contact records and tickets, you can delete them from the application as follows:

  1. In the Number of Records per page field at the bottom of the search grid, enter the number of records. You can delete up to 500 records at one time.
  2. Press the Ctrl or Shift key to select the records to delete.
  3. Click Delete.

Deleting records from the application prevents anyone viewing them, but they are still available in the database. To purge deleted records from the database, ask your database administrator to remove the ticket and contact rows.

To learn about the FootPrints database schema, see FootPrints Data Model guide.

For more information, contact BMC Support .

Anonymizing personal data

To delete only personal data but not the tickets that contain personal data, you can remove personal data or replace it with generic information by performing one of the following procedures:

  • After locating the tickets associated with a customer, manually remove the data or replace it with generic information.
  • Perform the following steps:
  1. Make a note of the fields that contain the personal data.
  2. Contact your database administrator.
  3. Find all personal data in the tickets and replace it with generic information. You can use the following SQL scripts to perform this operation across the FootPrints database:

If there is a user account associated with the customer in the system, replace the account name with a generic name and then delete the account. The customer's actions still appear in the ticket history, but the account appears as a deleted account with a generic account name (for example, Anonymous User).

To learn about the FootPrints database schema, see FootPrints Data Model guide.

For more information, contact BMC Support .

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Manuel Shelton

    This does not address several issues. The issues that privacy related data is stored in description field, ticket history, and attachments.

    So from concept point of view there must be a possibly to define rules on workspace level on which tickets to act and then on those tickets contact data, ticket history, description field and corresponding attachments are deleted/ anonymized. This must also include a mechanism to define the custom field of that workspace for which the data deleted/ anonymized.

    Jun 04, 2020 07:43
    1. Dov Kaiser

      Hi, Manuel. Thank you for contacting us. We have forwarded your input to the writer who is responsible for this content.

      Jun 04, 2020 07:55
      1. Manuel Shelton

        Hi Dov,

        unfortunately, I do not think the writer alone can help here because up to current Version of FP 11.6.11 this functionality does not exist. Hence there are no adequate ways of selectively removing the privacy relevant information from a workspace. Due to European Privacy Laws I do think this topic should be addressed and corresponding functionality provided.

        Jun 08, 2020 07:29
        1. Dov Kaiser

          Hi, Manuel. We recommend that you contact Customer Support to log a formal ticket on this issue. 

          Jun 16, 2020 04:43