We are looking into using the GDPR option for a client that needs to enforce privacy for there customers. We need a solution that will provide the anonymity required by there customers, which needs to be immediate.
According to the documentation we found on your site, with GDPR we are noticing that there is a time frame of 1 to 2 days to answer a request. This means that the call logs will be available for that time frame.
Are the GDPR request being processed manually by someone? Can the interaction logs be made anonymous/deleted immediately after the interaction finishes? Is there a better way to do this?
GenesysCloud is built on multiple microservices and stores data from these services for both realtime and analytics purposes. When you issue a GDPR request via our API, it triggers off a series of near-time messages that will begin the process of scrubbing/anonymizing that data from the platform. Some of our processes require offline processing because of the sheer data volume involved, can not be done real or near-time.
If there are specific improvements or recommendations that you think would help with the process, I would encourage you to open a feature request in our Aha! platform. (https://genesyscloud.ideas.aha.io/)
Can you confirm if there is a list of what they delete vs normalize, the KB def does not say. I ask because yesterday, as a test I posted a GDPR request for a specific phone number and today it's saying completed on the status of the request but I still see the phone number in the logs.
If you are still seeing matching personal data after the API reports a completed request, I suggest filing a bug ticket. In the interim I am curious which specific logs you are seeing the phone number in. As you may know, the GDPR Article 17 right to be forgotten is not an absolute right, and this specific data in a log may fall into an exception to this right.
Some background on our GDPR API & answering your specific questions above-
GDPR API requests are not handled manually, but are handled programmatically by a specific microservice.
There is not a list of which services anonymize versus which services delete matching personal data.
While we ask for 14 days for Genesys Cloud to complete the response to the GDPR API request, most requests are completed much faster, perhaps in 1-2 days.
Generally when we designed our GDPR API, we started with the regulation's 30 day response period and evaluated the time necessary for all microservices to respond to a GDPR API request. From there we decided that 14 days was a reasonable and sufficient time for Genesys Cloud to completely respond to a GDPR API request, as documented at https://help.mypurecloud.com/articles/genesys-cloud-and-gdpr-compliance/ .
Thank you for your response. I'm uploading the image for the the result that I'm getting from the API when I call /api/v2/gdpr/requests and I highlight where it says that the request has been completed. Also the second image (which I will add to another response because I can only upload 1 image at a time) is the interactions log which shows that the phone number is still showing.
Where can I post a bug for this? Sorry for the newbie question. I have not posted a bug before.
