This documentation supports the 19.11 version of BMC Helix Platform. 
To view an earlier version, select 19.08 from the Product version menu.

Addressing data privacy requests

The BMC Helix Platform product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).


This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at . Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Helix Platform product can help customers meet some requirements of the GDPR. For more information about how BMC solutions can help achieve the requirements of GDPR, see .

Personal data in BMC Helix Platform

BMC Helix Platform applications may include users' personal data such as names, phone numbers, email addresses, government ID numbers, locations, credit card numbers, IP addresses, and so on that can identify individuals personally. 

Personal data in BMC Helix Platform log files

BMC Helix Platform retains the data in log files for a limited period of time and then the log files data is deleted from the BMC cloud.

Personal data used by the BMC Helix Platform Cognitive Service

BMC Helix Platform deletes all the conversation logs from the BMC cloud once a week.

For information about the log limits in IBM Watson Assistant (formerly known as IBM Watson Assistant), see Log limits in the Watson documentation.

For information about IBM Watson GDPR readiness, see GDPR in the Watson documentation.

Capabilities for handling personal data

BMC Helix Platform provides an administrator the following capabilities to protect user's personal data:

  • Perform a lookup to find whether any personal data of a user is stored in applications. 
  • Provide a user with their personal data in a safe way.
  • Replace users' personal data permanently in the applications.

On behalf of a user, an administrator can perform the following operations on user's personal data:


Searches for the user's personal data available in applications and provides a report of the search data. An administrator can download and send this data to the user in a portable and standard format such as .csv file format. The search operation is performed on structured and unstructured data.

To enable search operation for structured data, for example, JSON and HTML, BMC SaaS Operations must configure the content-definition setting by providing the following value:


If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object).


Replaces the user's personal data. The data is not deleted; however, it is replaced with a non-readable information permanently. The replace operation is performed only on the fields with datatype Text and CLOB.


Ignores a record during a replace operation.

You can exclude any personal data from getting replaced. The ignored records are not replaced.

You must consider the following points while performing operations on personal data:

  • You need to perform these operations in each environment separately such as development, QA, and production environments.
  • You cannot modify or search for the personal data stored in the following components:
    • Attachments stored along with records instances
    • Process definitions
    • Localized strings
  • You must not replace the login ID of a user.

To search for personal data

  1. Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
  2. Select General > Data Requests.
  3. On the Data Requests page, click New to search for user's personal data.
  4. In the New Search and Replace Request section, enter the values for the following fields:

    LabelEnter the label of the personal data that needs to be searched such as name, email ID, and so on.
    Search StringEnter the personal data that the requester wants to search, such as John Smith,, and so on.
    Replace With

    Enter the value with which you want to replace the search string data.

    Note: If you leave the field blank, the value in the Search String is replaced with GUID.

    Add Search DataUse this option to add more personal data to search.
    CommentsEnter comments.

    After you submit a request, the request is displayed on the Data Requests page and the status of request is updated to Created. After the request is completed, the status is changed to Search Completed.

  5. Click Save.

You can view the search results by clicking the Request ID. The Request Details page displays the details for Submitter, Status, Search String, and Notes along with the search results. 

The following image shows an example of the search results:

To download personal data

After you perform a search operation on the personal data, you can download the data so that you can send the data to the user.

  1. Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
  2. Select General > Data Requests.
  3. On the Data Requests page, select the Request ID of the search request that you performed earlier, and click Download Search Results, as shown in the following image:

    The personal data is download in the CSV file format.

To replace personal data

  1. Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
  2. Select General > Data Requests.
  3. On the Data Requests page, select the Request ID of the search request that you performed earlier, and click Replace.

The status of the request is changed to Replace In Progress. After the request is completed, the status changes to Replace Completed.

GDPR request status

A GDPR request may have any of the following statuses depending on the request conditions:

Request statusDescription
CreatedSearch request or replace request is created
In ProgressSearch request is in progress.
Search CompletedSearch request is completed.
Replace In ProgressReplace request is in progress.
Replace CompletedReplace request is completed.
Search FailureSearch request failed.
Replace FailureReplace request failed.
Replace Completed With ErrorReplace request is completed but some errors were encountered during the process.
Was this page helpful? Yes No Submitting... Thank you