Contents
Genesys Intelligent Automation Support for GDPR
This page describes product-specific aspects of Genesys Intelligent Automation support for the European Union's General Data Protection Regulation (GDPR) in premise deployments. For general information about Genesys support for GDPR compliance, see General Data Protection Regulation.
Genesys Intelligent Automation, formerly known as Genesys App Automation Platform (GAAP) or SpeechStorm, is a solution that enables organizations to rapidly deploy phone self-service functionality to their customers, including intelligent call steering, for a more efficient and personalized customer experience.
Genesys Intelligent Automation provides non-technical users with a high level of control over the management and configuration of the system using a web-based interface. The system Dashboard allows business users to see at a glance how their applications are performing, as well as proactively highlighting areas for improvement, therefore avoiding potential usability issues.
Customers provide consumer-identifying input for GDPR requests (forget me and/or export) as JSON files. Genesys has a standard JSON format for both Right To Access (export data) and Forget Me (delete or redact data). Intelligent Automation will read these files and perform the appropriate tasks for each file. IA will write an execution result file to indicate if the task was successful or not. If unsuccessful, the customer should leave the appropriate JSON file in the directory so that IA can try and process again the next night. IA will only use the phone attribute and the intauto-fields attribute to find data.
Data Retention Policies
The DBOvernightJobs.NumDaysHistoricalDataToKeep setting controls the number of days that data is retained. When set to a positive value X, the data is retained for X days. When the value is set to -1 or 0, the data is retained permanently.
Configuration Settings
Digital customers (Web IVR, chatbots, etc.) should instead set their environment up to not store PII initially, the IA team will add digital functionality to the GDPR task in a future release. To not store PII, the customer should:
- Turn the Confidential Mode On preference to true for any question which asks for PII.
- Turn Remember Me functionality off.
- Set the CTI.FieldsToStoreInReporting.ExcludePattern server setting to include any attached data which contains PII. The setting should be in a pipe separated string e.g., (AccountNumber|CustomerName|CustomerPhoneNumber)
JSON input files
There are separate input files for Right of Erasure and Right of Access requests:
- forget-<DDMMYYYY>-<any optional content>.json
- export-<DDMMYYYY>-<any optional content>.json
The date part of the file name (<DDMMYYYY>) is expected to indicate the date the file was created, to maintain file uniqueness. Genesys products do not use this information to trigger or manage request processing. Using timestamps in the file system, products process any files added or modified for that tenant since the last time the product processed GDPR requests.
Exporting and Forgetting Data
1. Copy the fish-reporting-9.X.XXX.jar file and fish-reporting.properties on to the server.
- GDPR.ScheduledTask.ImportJsonFilesDirectory - The location of the export and forget JSON requests. Use "/" instead of "\" delimiters. If this location is remote, it should be made available as a shared network drive on the server in question.
- GDPR.ScheduledTask.TimeToRun.Hours - The hour value of the time the service should run (24 HR time)
- GDPR.ScheduledTask.TimeToRun.Minutes - The minutes value of the time the service should run
- GDPR.ScheduledTask.ExecutionResults.Directory - The location to where the execution results should be written. Use "/" instead of "\" delimiters. If this location is remote, it should be made available as a shared network drive on the server in question.
- GDPR.ScheduledTask.ExportJsonFilesDirectory - The location to where the exported data should be written. Use "/" instead of "\" delimiters. If this location is remote, it should be made available as a shared network drive on the server in question.
- GDPR.CompanyID - The ID of the company you want to run these tests against
2. Take a copy of the database.properties from one of your IA/GAAP/SpeechStorm servers and paste into the same directory as your fish-reporting JAR file.
3. Open a command line and run the following commands:
cd <path to fish-reporting JAR e.g. cd C:\GDPR\> java -jar fish-reporting-9.X.XXX.jar (where X is the version number of your fish-reporting JAR)
The GDPR task will then run at the scheduled time each day.
Notes
- Java 8 is required.
- The tasks should be run at a different time from the hive off.
- The server on which JSON files are located should be made visible as a shared drive on the fish-reporting server
- The tasks will be run as an executable JAR file.
- In order for this task to operate correctly, the hive off process must be operational as GDPR tasks are only run against historical data (i.e., data from the previous day and before).
Examples
JSON Input Example
{
"consumers": [
{
"consumer": [
{
"phone": "02890571321"
},
{
"phone": "077519654543"
}
]
}
],
"intauto-fields": [
"AccountNumber",
"CustomerName"
]
}
JSON Output Example
{
"consumers": [
{
"consumer": [
{
"phone": "02890571321"
},
{
"cti_fields": "AccountNumber:123456"
},
{
"question_answer": "result_detail:,nbest_meaning_1:goat,nbest_rawanswer_1:I'd like a goat,nbest_slots_1:oof:banana|foo:ananab,nbest_meaning_2:null,nbest_rawanswer_2:null,nbest_slots_2:null,nbest_meaning_3:null,nbest_rawanswer_3:null,nbest_slots_3:null"
},
{
"business_task_details": "Created a shiny moon man"
}
]
}
],
"intauto-fields": []
}
Properties file Example
GDPR.ImportJsonFilesDirectory=Z:\json\dir\
GDPR.ScheduledTask.TimeToRun.Hours=12
GDPR.ScheduledTask.TimeToRun.Minutes=07
GDPR.ScheduledTask.ExecutionResultsDir=Z:\results\dir\
GDPR.ExportJsonFilesDirectory=Z:\results\json\dir\
GDPR.CompanyID=2