Define client-based access controls (CBAC) to comply with the data privacy
requirements of the European Union (EU) General Data Protection Regulation (GDPR) and
similar regulations. This configuration allows you to protect customer data by tracking
and processing requests to view, change, remove, and restrict the use of personal

Pega Customer Service provides an Exercise Customer Data Rights service case to support
the General Data Protection Regulation and similar regulations. You can access this
service case after defining the client-based access controls in your application. These
controls are part of the supporting infrastructure that helps customer service
representatives manage customer data rights requests and allows customers to manage
their data directly through the self-service web application. For more information about
how Pega applications support GDPR, see Supporting EU GDPR data privacy rights in Pega
Infinity with client-based access control.

Note: In the Exercise Customer Data Rights service case, the Right to access subcase
allows customers to review their data by using a PDF document that is sent by email.
For more information, see Configuring security settings for a customer data

- Create an operator specific to the GDPRCSAdmin access
  group that is responsible for defining CBAC rules. This operator is used for
  GDPR processing and is not related to a CSR operator.

  Note: The GDPRCSAdmin access group is created automatically when you create your
  Customer Service application.
- To authenticate the operator, configure the GDPR-specific operator with the
- Define client-based access controls (CBAC) for the Pega database. For example,
  Contact, Account, Address data, and Address change.

  Default CBAC rules are provided with Pega CRM.
  - Contact your legal counsel to determine the client-based access
    controls for making revisions, based on the interpretation of the
    regulation, assessment of the valid business purposes for storing and
    using client data, and assessment of competing legal requirements in
    your industry and country or jurisdiction.
  - Identify the personal data that your application stores in the Pega
    database that is not known to the default Pega CRM applications.
  - Create client-based access controls for each property.

Result: The customer service representative who is part of the
GDPRCSAdmin access group is now able to help your customers to
control their personal data.