Phased rollout


This version of the software is currently available only to early adopter SaaS customers as the first step in our phased rollout. Click here to view an earlier version.

Addressing BMC Helix Virtual Agent data privacy requests

BMC Helix Virtual Agent product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).


This BMC document provides general information about the General Data Protection Regulation (GDPR) and GDPR key requirements. It is not intended to provide any legal advice. The GDPR can be found at European Union Data protection Open link . Under this new Regulation, any organization handling personal data of European Union residents, regardless of its location, needs to understand which GDPR requirements apply to its organization and accordingly devise a plan for adjusting its systems and processes and for educating its people. Although BMC is not in the business of data privacy compliance software, some of the features of the BMC Helix Virtual Agent product can help customers meet some requirements of the GDPR. For more information about how BMC solutions can help achieve the requirements of GDPR, see GDPR Compliance Open link .

Personal data in BMC Helix Virtual Agent

BMC Helix Virtual Agent may include users' personal data such as names, phone numbers, email addresses, government ID numbers, locations, credit card numbers, IP addresses, and so on that can identify individuals personally.

Personal data in BMC Helix Innovation Studio log files

BMC Helix Innovation Studio retains the data in log files for a limited period of time and then the log files data is deleted from the BMC cloud.

Personal data used by the BMC Helix Innovation Suite Cognitive Service

BMC Helix Innovation Suite deletes all the conversation logs from the BMC cloud once a week.

For information about the log limits in IBM Watson Assistant (formerly known as IBM Watson Assistant), see  Log limits Open link in the Watson documentation.

For information about IBM Watson GDPR readiness, see  GDPR Open link  in the Watson documentation.

Capabilities for handling personal data

 provides an administrator the following capabilities to protect user's personal data:

  • Perform a lookup to find whether any personal data of a user is stored in applications. 
  • Provide a user with their personal data in a safe way.
  • Replace users' personal data permanently in the applications.

On behalf of a user, an administrator can perform the following operations on user's personal data:


Searches for the user's personal data available in applications and provides a report of the search data. An administrator can download and send this data to the user in a portable and standard format such as .csv file format. The search operation is performed on structured and unstructured data.

To enable search operation for structured data, for example, JSON and HTML, an administrator must configure the content-definition setting by providing the following value:


If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object).


Replaces the user's personal data. The data is not deleted; however, it is replaced with a non-readable information permanently. The replace operation is performed only on the fields with datatype Text and CLOB.


Ignores a record during a replace operation.

You can exclude any personal data from getting replaced. The ignored records are not replaced.

You must consider the following points while performing operations on personal data:

  • You need to perform these operations in each environment separately such as development, QA, and production environments.
  • You cannot modify or search for the personal data stored in the following components:
    • Attachments stored along with records instances
    • Process definitions
    • Localized strings
  • You must not replace the login ID of a user.

For more information about handling data privacy requests, see  Addressing data privacy requests Open link

Was this page helpful? Yes No Submitting... Thank you