To protect customer data, in Pega Care Management, you can add properties to or remove properties from client-based access control (CBAC) rules. This provides your organization with the tools necessary to be in compliance with privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations.

For example, if a patient does not want family information available in their medical record, you can remove the .FamilyMember property from the GDPRFamilyHistoryCBAC rule.

The rules that you can modify to support GDPR include:

• GDPRFamilyHistoryCBAC
• GDPRObservationsCBAC
• GDPRMedicationsCBAC
• GDPRAllergiesCBAC

For more information, see Defining client-based access controls to support the European Union (EU) General Data Protection Regulation on the Pega Customer Service product page.

1. In the header of Dev Studio, enter and search for GDPRFamilyHistoryCBAC.
2. Click the name of the rule.
3. On the Client-Based Access page:
   1. Check out the rule.
   2. Based on your organization’s needs, add a row to add a new property to the rule.
      For more information, see Configuring a client-based access control rule. 
   3. Ensure that you select the applicable check boxes.
   4. Save the rule.
4. Repeat steps 1 through 3 for each of the other rules.