Jump to: navigation, search

PureEngage Premise Support for GDPR

Warning
Disclaimer: The information contained here is not considered final. This document will be updated with additional technical information.

This page provides an overview of Genesys's general approach to implementing support for General Data Protection Regulation (GDPR) compliance in PureEngage on-premise products. As described on General Data Protection Regulation (GDPR), Right of Access and Portability (export) and Right of Erasure (forget) are the only GDPR rights requiring additional, specific implementation on the Genesys side and for which customers might need to take specific steps.

Genesys implementation of GDPR support on premise

For many Genesys products, GDPR compliance is provided as:

  1. Customers provide consumer-identifying input for GDPR requests (forget and/or export). The input is in the form of JSON files uploaded to a configured, tenant-specific location.
  2. Genesys products process these files on a regular basis, usually daily, to execute the requests.
  3. Genesys products report the results of their execution of GDPR requests.
Important
In general, Genesys support for GDPR compliance is based on default configuration settings and typical application usage.

Input and output file location

The customer specifies the location for each tenant’s JSON files in the [gdpr].gdpr-directory option on the Annex tab of the Tenant configuration object. Genesys has no special requirements for the location of the directory. The gdpr-directory option must simply specify a valid path that both Genesys and the customer can get to.

All Genesys products use the same tenant-specific directory for the input and output files (if the product provides them) for that tenant. The customer is responsible for maintaining this directory.

JSON input files

There are separate input files for Right of Erasure and Right of Access requests:

  • forget-<DDMMYYYY>-<any optional content>.json
  • export-<DDMMYYYY>-<any optional content>.json

The date part of the file name (<DDMMYYYY>) indicates the date the file was created, to maintain file uniqueness. Using timestamps in the file system, products process any files added or modified for that tenant since the last time the product processed GDPR requests.

It is the customer's responsibility to ensure that the request does not conflict with other regulatory or legal obligations.

File specification

The JSON specification for the forget and export files for GDPR requests is identical.

  • "caseid" — (Optional) Holds customer case numbers, for possible use by Customer Care to supplement customer self-service.
  • "consumers" — (Required) Holds an array of individual "consumer" elements, so that GDPR requests from multiple consumers can be processed at the same time.
    • "consumer" — (Required) An individual consumer for whom a GDPR request is being submitted. Each consumer may be identified by one or more of the following attributes, specified in an array:
      • "phone" — Phone number, without separators
      • "email" — Email address
      • "fbid" — Facebook ID
      • "twid" — Twitter handle
      • "wcid" — WeChat ID
      • "name" — Given name
      • "ipaddr" — IP address

In addition, there are optional application-specific elements:

  • "intauto-fields" — Holds an array of fields. Used by Intelligent Automation to specify names of attached variables.
  • "gim-attached-data" — Used by Genesys Info Mart to target custom user data attached to interactions and custom Outbound Contact Server (OCS) fields used in Outbound Contact campaigns. Custom user data and custom fields contain data for which customers configured customized storage in the Info Mart database.
    • "kvlist" — Holds an array of the custom user data KVPs and custom OCS fields that might contain PII.

Example

{
   "caseid":"123456789",
   "consumers":[
      {"consumer":
         [
            {"name":"John Doe"},
            {"name": "John Q. Doe"},
            {"phone":"555551212"}
         ]
      },
      {"consumer":
         [
            {"name":"Dan Akroyd"},
            {"phone":"555556161"},
            {"phone":"555556162"}, 
            {"email":"danny@hollywood.com"},
            {"email":"funnyguy@comedy.org"},
            {"fbid":"Dan Akroyd"}
         ]
      }],
   {"gim-attached-data":{"kvlist":["AcctNum", "SSN"]}}
 }

Output Files

After Genesys products process input requests, they provide two types of output:

  • For Right of Access requests, an export of the PII data relating to the requesting consumer(s). If the export data is provided in a JSON file, the file name is <component>-<DDMMYYYY>-access.json.
  • An execution report for audit purposes, detailing the execution results for forget-me and export requests. If the audit report is provided in a stand-alone file, the file name is <component>-<DDMMYYYY>-execution-log.json.

Output files are placed in the same GDPR directory as the input file, with the date part of the file name indicating the date the file was created.

Genesys support for GDPR, by product

See Summary of Genesys GDPR support for a table summarizing Genesys support for GDPR across products. The following pages provide more information about product-specific aspects of the GDPR implementation:


Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on May 25, 2018, at 13:47.