Skip to main content

Table of Contents

Erasing customer data in Pega Platform

You can use ready-made Client Based Access rules to manage data erasure requests for Decisioning data.

Predefined Client Based Access rules

To access the Client Based Access rules, log in to Dev Studio as an administrator, and then click Records > Security > Client Based Access. There are three predefined Client Based Access rules:

  • pyStrategyResultsCBAC
  • pyDecisionResultsCBAC
  • pyCustomerMovieCBAC

Click a Client Based Access rule to see which data elements it identifies.


The properties in the Data elements tab represent elements of personal data that can be used to identify a customer. For each data element, you can specify whether personal data requests are allowed to rectify or erase this type of data. If you defined additional personal data properties for your customers, click Add property to add a corresponding data element. For more information, see Configuring a client-based access control rule.

Data Privacy API

Pega provides a Data Privacy Rest API for data erasure requests. To view the API documentation, click the Help icon in the right corner of the Dev Studio navigation bar, and then click Pega API > Data Privacy. Click a request type to view the model, parameters, responses, and sample requests.

To view or edit the Data Privacy API properties, log in to Dev Studio as an administrator, and then click Records > Security > Service Package > api. On the Service Package: api page, scroll down and click client_access_requests. For more information about working with Pega API, see Pega API.

GDPR request management application

Instead of managing data erasure requests manually, you can deploy a ready-made GDPR request management application which streamlines the process by allowing the client to make change requests through a dedicated web interface. The GDPR request management application is included with Pega Infinity CRM applications, such as Pega Marketing or Pega Customer Decision Hub. You can also configure it for use with other Pega applications. For more information, see Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

Suggest Edit
Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us