Erasing customer data in Pega Platform
You can use ready-made Client Based Access rules to manage data erasure requests for Decisioning data.
Predefined Client Based Access rules
To access the Client Based Access rules, log in to Dev Studio as an administrator, and then click Records > Security > Client Based Access. There are three predefined Client Based Access rules:
Click a Client Based Access rule to see which data elements it identifies.
The properties in the Data elements tab represent elements of personal data that can be used to identify a customer. For each data element, you can specify whether personal data requests are allowed to rectify or erase this type of data. If you defined additional personal data properties for your customers, click Add property to add a corresponding data element. For more information, see Configuring a client-based access control rule.
Data Privacy API
Pega provides a Data Privacy Rest API for data erasure requests. To view the API documentation, click the Help icon in the right corner of the Dev Studio navigation bar, and then click Pega API > Data Privacy. Click a request type to view the model, parameters, responses, and sample requests.
To view or edit the Data Privacy API properties, log in to Dev Studio as an administrator, and then click Records > Security > Service Package > api. On the Service Package: api page, scroll down and click client_access_requests. For more information about working with Pega API, see Pega API.
GDPR request management application
Instead of managing data erasure requests manually, you can deploy a ready-made GDPR request management application which streamlines the process by allowing the client to make change requests through a dedicated web interface. The GDPR request management application is included with Pega Infinity CRM applications, such as Pega Marketing or Pega Customer Decision Hub. You can also configure it for use with other Pega applications. For more information, see Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.