Configuring the GDPR request management application
Pega Infinity™ CRM applications include a GDPR request management application that you can configure.
If you do not have a Pega Infinity™ CRM application, Pega Exchange provides a prototype application called the GDPR Accelerator that you can download and customize. For more information, see Pega GDPR Accelerator.
This section describes how to configure the GDPR request management application that you create from the GDPR Accelerator. Its case types are children of Demo-GDPR-Work. You can also create your own request management application.
The GDPR request management application supports the scenario in which a client calls a call center, and the call center operator uses the application to verify the client’s identity and to initiate the request on behalf of the client. You can further automate the process by customizing the GDPR request management application. For example, you can configure your banking application to include a web mashup so that the logged-in client can make a GDPR request directly, without using a call center. In this scenario, the mashup submits the GDPR request. You configure your GDPR request management application according to your business needs and the type of interface that you want to offer.
The following figure shows case processing by a GDPR request management application that supports multiple Pega applications.
As shown in the figure, CBAC case processing proceeds as follows:
- Within the GDPR request management application, a case is created for each client request, and a subcase is created for each repository. For example, for an Access request where three repositories are defined, there are three subcases.
- If the subcase is for a repository that represents a Pega application, a REST request is created. (The REST APIs are defined in the DataPrivacy category of the Pega API.) A case is created in the Pega application to process the request, and the request results are temporarily stored on that case. The results are sent back to the GDPR request management application subcase by using a REST API over HTTPS, and the personal data is removed from the case in the Pega application.
- The results of the subcases are combined in the parent case. When the results have been retrieved by the client, the GDPR request management application removes the personal data from the case, while retaining the other case properties for auditing purposes.
You are responsible for configuring the following items in the GDPR request management application:
- Repositories – Define the Pega repositories as instances of Demo-GDPR-Work-Repository.
- REST connectors – Define a REST connector for each data privacy call type and request type combination. Pega Platform provides sample REST connectors that you can customize. The connectors take parameters for the Pega application URL and the Pega application name.
- Case processing – Configure your case flow so that personal data is removed from the case after it has been communicated to the client.
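The case lifecycle described above (one parent case per request, one subcase per repository, personal data removed after hand-off while the other properties stay for auditing) can be modeled and checked as follows. This is an added illustration, not Pega code or the Pega API: the `Case` class, all function names, and the sample repositories are hypothetical, and purging the subcases together with the parent is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Case:
    case_id: str
    request_type: str                                   # retained for auditing
    status: str = "Open"                                # retained for auditing
    personal_data: dict = field(default_factory=dict)   # must not outlive hand-off
    audit: list = field(default_factory=list)           # retained for auditing

    def purge(self, reason):
        """Drop personal data, keep every other property plus an audit entry."""
        self.audit.append(f"purged {len(self.personal_data)} item(s): {reason}")
        self.personal_data = {}

def application_case(repo, request_type, client_id, records):
    """Stand-in for the case a Pega application creates per REST request."""
    case = Case(f"{repo}-APP-1", request_type)
    case.personal_data = dict(records.get(client_id, {}))  # held temporarily
    result = dict(case.personal_data)                      # sent back to the subcase
    case.purge("results returned to request management")
    case.status = "Resolved"
    return case, result

def open_request(request_type, client_id, repositories):
    """One parent case per client request, one subcase per repository."""
    parent, subcases, app_cases = Case("REQ-1", request_type), [], []
    for repo, records in repositories.items():
        app_case, result = application_case(repo, request_type, client_id, records)
        sub = Case(f"REQ-1-{repo}", request_type, personal_data=result)
        parent.personal_data[repo] = dict(result)          # combine in the parent
        subcases.append(sub)
        app_cases.append(app_case)
    return parent, subcases, app_cases

def client_retrieves(parent, subcases):
    """Hand the combined results to the client, then purge the request cases."""
    delivered = {repo: dict(data) for repo, data in parent.personal_data.items()}
    for case in (parent, *subcases):   # assumption: subcases are purged with the parent
        case.purge("results retrieved by client")
        case.status = "Resolved"
    return delivered

def residual_personal_data(cases):
    """Audit check: IDs of cases that still hold personal data."""
    return [c.case_id for c in cases if c.personal_data]

# Constructed sample data: three repositories, one with no record for the client.
REPOSITORIES = {"CRM": {"C-100": {"name": "A. Client", "email": "a.client@example.com"}},
                "Loans": {"C-100": {"account": "L-0001"}}, "Cards": {}}
```

Running `residual_personal_data` over every case after `client_retrieves` gives a simple regression check that a customized case flow still removes personal data at each hand-off.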