We’re excited to share a brand new feature with you! The Bulk Data Retention feature enables you to redact sensitive data for multiple cases in bulk in Jadu CXM, using an API request. This helps you to keep on top of your data, removing it easily when it’s no longer required and helping you with GDPR compliance.
How does it work?
You can now redact cases that have - using workflow rules - been moved into a CXM filter, once the data on the case is no longer needed for processing the user’s request. Once moved into a CXM filter, an API post request is made. This can be manual or automated and will take all of the cases in the selected filter and delete all of the personal data in the case. On top of this, you can specify a transition to run after a case is processed as part of the API request. For example, you might wish to move cases to a ‘redacted’ status after the data has been deleted.
NOTE: The redaction will be run for all cases in the filter, regardless of the setting on the case type, to delete personal data which only applies to the manual deletion of data using the case action menu.
Setting up a Bulk Data Redaction
- Create a filter for cases being redacted
It may be easier for you to create a status for cases that will be placed in the redaction filter for sensitive data to be removed, e.g. ‘To be redacted’ then you can create your filter which filters on this status.
- API User Permissions
You can ensure that the API users that you will be allowing to make the API request has the ability to ‘delete personal data’ on the user’s role.
- Run or configure your API POST request
You will need to choose a tool that can make a POST request and configure this following the CXM service API guide.
Delete personal data from a CXM case
To allow your staff to remove personal data from a CXM case for a case type, go to Settings > Workflow, and find the case type. On the ‘General’ tab, enable the toggle ‘Allow deletion of personal data from cases’, then save the case type.
The user roles that you wish to allow to delete personal data from a case must have the permission to ‘Delete personal data’ enabled which can be found on the ‘General’ tab of the ‘Roles’ page under Settings > User Administration.
When staff delete personal data in a case, the following contents are deleted:
- Case values for all fields that are marked as sensitive
- All messages
- All letters
- All email alerts
- All file attachments
- All case notes
- The link to a person record (if applicable)
- The link to an address (if applicable)
Fields with sensitive data
Case values will only be deleted for fields that are marked as containing sensitive data. This means that you will need to review your fields in Jadu CXM and check the box for ‘Contains sensitive data’, for any fields where personal data could be entered by the customer or a member of staff. This is likely to only apply to text, text area, telephone, email and URL fields. You should not allow fields to be deleted if you require the data for reporting purposes.
NOTE: We can include a success transition to be applied following redaction in the request body, in this example the “redact” transition will be applied. Also bear in mind that POST requests cannot be made via the browser and require a third-party tool, some of which will allow you to automate the running of the redaction action on a schedule in line with your needs.
You can keep up to date on the latest CXM releases by reading the release notes.