Addressing BMC Helix Virtual Agent data privacy requests
BMC Helix Virtual Agent product provides capabilities that help administrators address the personal data protection and privacy requirements associated with the General Data Protection Regulation (GDPR). The GDPR is a set of rules and principles governing the handling of personal data of individuals located in the European Union (EU).
Personal data in BMC Helix Virtual Agent
BMC Helix Virtual Agent may include users' personal data such as names, phone numbers, email addresses, government ID numbers, locations, credit card numbers, IP addresses, and so on that can identify individuals personally.
Personal data in BMC Helix Innovation Studio log files
BMC Helix Innovation Studio retains the data in log files for a limited period of time and then the log files data is deleted from the BMC cloud.
Personal data used by the BMC Helix Innovation Suite Cognitive Service
BMC Helix Innovation Suite deletes all the conversation logs from the BMC cloud once a week.
For information about the log limits in IBM Watson Assistant (formerly known as IBM Watson Assistant), see in the Watson documentation.
For information about IBM Watson GDPR readiness, see in the Watson documentation.
Capabilities for handling personal data
provides an administrator the following capabilities to protect user's personal data:
- Perform a lookup to find whether any personal data of a user is stored in applications.
- Provide a user with their personal data in a safe way.
- Replace users' personal data permanently in the applications.
On behalf of a user, an administrator can perform the following operations on user's personal data:
Searches for the user's personal data available in applications and provides a report of the search data. An administrator can download and send this data to the user in a portable and standard format such as .csv file format. The search operation is performed on structured and unstructured data.
To enable search operation for structured data, for example, JSON and HTML, an administrator must configure the content-definition setting by providing the following value:
If the content-definition setting is not configured, then the search is performed on the fields with datatype as Text and CLOB (character large object).
Replaces the user's personal data. The data is not deleted; however, it is replaced with a non-readable information permanently. The replace operation is performed only on the fields with datatype Text and CLOB.
Ignores a record during a replace operation.
You can exclude any personal data from getting replaced. The ignored records are not replaced.
You must consider the following points while performing operations on personal data:
- You need to perform these operations in each environment separately such as development, QA, and production environments.
- You cannot modify or search for the personal data stored in the following components:
- Attachments stored along with records instances
- Process definitions
- Localized strings
- You must not replace the login ID of a user.
For more information about handling data privacy requests, see