Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Defining client-based access controls to support the EU GDPR

Updated on December 3, 2021

Define client-based access controls (CBAC) to comply with the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. This configuration allows you to protect customer data by tracking and processing requests to view, change, remove, and restrict the use of personal data.

Pega Customer Service provides an Exercise Customer Data Rights service case to support the General Data Protection Regulation and similar regulations. You can access this service case after defining the client-based access controls in your application. These controls are part of the supporting infrastructure that helps customer service representatives to manage Customer data rights requests and allows customers to directly manage their data through the self-service web application. For more information about how Pega applications are supporting GDPR, see Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

Note: In the Exercise Customer Data Rights service case, the Right to access subcase allows customers to review their data by using a PDF document that is sent by email. For more information, see "Configuring security settings for a customer data PDF document," next.
Pega Customer Service Implementation Guide
  1. Create an operator specific to the access group that is responsible for defining CBAC rules.
    ApplicationAccess group
    Pega Customer Service
    • For the CustomerService 8.5 application stack: CustomerService:GDPRCSAdmin
    • For the CustomerService 8 application stack: GDPRCSAdmin
    Pega Customer Service for Communications
    • For the CustomerServiceForComms 8.5 application stack: CustomerServiceComms:GDPRADMIN
    • For the CustomerServiceForComms 8 application stack: GDPRCSCAdmin
    Pega Customer Service for Financial Services
    • For the CustomerServiceForFS 8.5 application stack: CustomerServiceForFS:GDPRCSFSAdmin
    • For the CustomerServiceForFS 8 application stack: GDPRCSFSAdmin
    Pega Customer Service for Healthcare
    • For the CSHC 8.5 application stack: CustomerServiceHC:GDPRAdmin
    • For the CSHC 8 application stack: GDPRCSHCAdmin
    Pega Customer Service for Insurance
    • For the CustomerServiceForInsurance 8.5 application stack: CustomerServiceForIns:GDPRAdmin
    • For the CustomerServiceForInsurance 8 application stack: CSIGDPRAdmin

    This operator is used for GDPR processing and is not related to a CSR operator.

    Note: The access group is created automatically when you create your application.
  2. To authenticate the operator, configure the GDPR-specific operator with the GDPRBasicAuth rule.
    For more information on authentication scheme planning, see Authentication in Pega Platform.
  3. Define client-based access controls (CBAC) for the Pega database. For example, Contact, Account, Address data, and Address change.
    Default CBAC rules are included with the application.
    1. Contact your legal counsel to determine the client-based access controls for making revisions, based on the interpretation of the regulation, assessment of the valid business purposes for storing and using client data, and assessment of competing legal requirements in your industry and country or jurisdiction.
    2. Identify the personal data that your application stores in the Pega database that is not known to the default Pega CRM applications.
    3. Create client-based access controls for each property.
      For more information on defining CBAC rules, see Defining client-based access control rules.
Result: The customer service representative who is part of the GDPR access group is now able to help your customers to control their personal data.
  • Previous topic Customizing the user interface of service requests
  • Next topic Configuring security settings for a customer data PDF document


Pega Customer Service 8.7 Pega Customer Service for Communications 8.7 Pega Customer Service for Financial Services 8.7 Pega Customer Service for Healthcare 8.7 Pega Customer Service for Insurance 8.7

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us