Addressing data privacy requests
The BMC Helix Platform product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).
Note
Personal data in BMC Helix Platform
BMC Helix Platform applications may include users' personal data such as names, phone numbers, email addresses, government ID numbers, locations, credit card numbers, IP addresses, and so on that can identify individuals personally.
Personal data in BMC Helix Platform log files
BMC Helix Platform retains the data in log files for a limited period of time and then the log files data is deleted from the BMC cloud.
Personal data used by the BMC Helix Platform Cognitive Service
BMC Helix Platform deletes all the conversation logs from the BMC cloud once a week.
For information about the log limits in IBM Watson Assistant (formerly known as IBM Watson Assistant), see Log limits in the Watson documentation.
For information about IBM Watson GDPR readiness, see GDPR in the Watson documentation.
Capabilities for handling personal data
BMC Helix Platform provides an administrator the following capabilities to protect user's personal data:
- Perform a lookup to find whether any personal data of a user is stored in applications.
- Provide a user with their personal data in a safe way.
- Replace users' personal data permanently in the applications.
On behalf of a user, an administrator can perform the following operations on user's personal data:
Operation | Description |
---|---|
Search | Searches for the user's personal data available in applications and provides a report of the search data. An administrator can download and send this data to the user in a portable and standard format such as .csv file format. The search operation is performed on structured and unstructured data. To enable search operation for structured data, for example, JSON and HTML, BMC SaaS Operations must configure the content-definition setting by providing the following value:
If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object). |
Replace | Replaces the user's personal data. The data is not deleted; however, it is replaced with a non-readable information permanently. The replace operation is performed only on the fields with datatype Text and CLOB. |
Ignore | Ignores a record during a replace operation. You can exclude any personal data from getting replaced. The ignored records are not replaced. |
You must consider the following points while performing operations on personal data:
- You need to perform these operations in each environment separately such as development, QA, and production environments.
- You cannot modify or search for the personal data stored in the following components:
- Attachments stored along with records instances
- Process definitions
- Localized strings
- You must not replace the login ID of a user.
To search for personal data
- Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
- Select General > Data Requests.
- On the Data Requests page, click New to search for user's personal data.
In the New Search and Replace Request section, enter the values for the following fields:
Field Description Label Enter the label of the personal data that needs to be searched such as name, email ID, and so on. Search String Enter the personal data that the requester wants to search, such as John Smith, john.smith@gmail.com, and so on. Replace With Enter the value with which you want to replace the search string data.
Note: If you leave the field blank, the value in the Search String is replaced with GUID.
Add Search Data Use this option to add more personal data to search. Comments Enter comments. After you submit a request, the request is displayed on the Data Requests page and the status of request is updated to Created. After the request is completed, the status is changed to Search Completed.
Click Save.
You can view the search results by clicking the Request ID. The Request Details page displays the details for Submitter, Status, Search String, and Notes along with the search results.
The following image shows an example of the search results:
To download personal data
After you perform a search operation on the personal data, you can download the data so that you can send the data to the user.
- Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
- Select General > Data Requests.
- On the Data Requests page, select the Request ID of the search request that you performed earlier, and click Download Search Results, as shown in the following image:
The personal data is download in the CSV file format.
To replace personal data
- Log in to BMC Helix Innovation Studio and navigate to the Administration tab.
- Select General > Data Requests.
On the Data Requests page, select the Request ID of the search request that you performed earlier, and click Replace.
The status of the request is changed to Replace In Progress. After the request is completed, the status changes to Replace Completed.
GDPR request status
A GDPR request may have any of the following statuses depending on the request conditions:
Request status | Description |
---|---|
Created | Search request or replace request is created |
In Progress | Search request is in progress. |
Search Completed | Search request is completed. |
Replace In Progress | Replace request is in progress. |
Replace Completed | Replace request is completed. |
Search Failure | Search request failed. |
Replace Failure | Replace request failed. |
Replace Completed With Error | Replace request is completed but some errors were encountered during the process. |
Comments
Log in or register to comment.