Submit Data Subject Privacy Requests
GDPR
Consumer data protection is regulated in many places around the world. A notable example is the European Union's General Data Protection Regulation (GDPR). Because GDPR is a template for many other regulations, CXone uses its requirements as the template for privacy features. These regulations require companies that collect personal information about consumers to provide certain rights for those consumers.
Because CXone stores and processes this type of information, you might need to respond to privacy requests from your customers, including erasure. This page guides you through the process of submitting erasure requests to NICE CXone. If you have other types of requests, contact your CXone Account Representative.
Data erasure requests must include a corresponding data subject The person who can be identified by personal data. identifier. This is information that identifies the data subject, such as an email address. CXone supports both email addresses and telephone numbers for erasure requests. CXone also supports various methods for submitting requests. The methods described on this page are manual methods. You can also create an integration where your back-end systems submit the requests automatically. See the DEVone help for more information.
Two main CXone systems manage consumer information. To ensure complete erasure, you must submit requests separately to both systems.
CXone Platform Erasure Process
You can submit erasure requests in the CXone platform. These requests cover the majority of CXone data, but do not currently include Digital Experience data. See the CXone Digital Experience Erasure Process section of this page for instructions on completing those erasure steps.
Submit Manual Requests
When a customer subject to data privacy regulations requests to have information removed, you must remove it. To do this, submit a request on the Privacy page in Admin. Alternatively, you can submit several requests at once with the bulk upload template. Once a request is submitted, CXone will remove the contact's or CXone user's information, depending on what the request is for. CXone only supports erasure requests on the Privacy page. You can only have 500 active requests at a time. The number of requests displays at the top of the page. It will show the number of successfully processed, failed, and skipped requests.
-
Click the app selector and select Admin.
-
If you're removing data for a CXone user, make sure that user has been deactivated. To do so:
-
Go to Employees in the left navigation.
-
Search the table to find the user you want to delete. In that user's row, click the actions icon. Click Deactivate .
-
-
Go to Security > Privacy.
-
For the Identifier Type, select one of the following:
-
Email or Phone if you're removing data for a contact.
-
User if you're removing data for a CXone user.
-
-
Enter the Subject Identifier for the Identifier Type you chose:
-
If you selected Phone as the Identifier Type, enter the contact's phone number. If you selected Email as the Identifier Type, enter the contact's email address.
-
If you selected User as the Identifier Type, enter the CXone employee's username.
-
-
Click Submit New. CXone will use this request to identify and delete your contact's information.
Submit Requests in Bulk
When a customer who is subject to data privacy regulations requests to have information removed, you must remove it. To do so, you can submit several requests at once with the bulk upload template. Alternatively, you can submit a request on the Privacy page in Admin. Once a request is submitted, CXone will remove the contact's or CXone user's information, depending on what the request is for. CXone only supports erasure requests on the Privacy page. You can only have 500 active requests at a time. The number of requests displays at the top of the page. It will show the number of successfully processed, failed, and skipped requests.
-
Click the app selector and select Admin.
-
If you're removing data for CXone users, make sure those users have been deactivated. To do so:
-
Go to Employees in the left navigation.
-
Select the checkbox to the left of each user you want to delete. On the top left of the Employees table, click Deactivate.
-
-
Go to Security > Privacy.
-
Click Bulk Upload.
-
Click Download Template. A CSV file will download to your device.
-
Open the CSV file.
-
In the first row of the file enter the following:
-
In the Identifier Type column, enter Phone or Email for requests to remove contact data. Enter User for requests to remove CXone user data.
-
In the Subject Identifier column, enter the identifying data based on the Identifier Type you chose. If you entered Phone as the Identifier Type, enter the contact's phone number. If you entered Email as the Identifier Type, enter the contact's email address. If you entered User as the Identifier Type, enter the CXone employee's username.
-
-
Repeat the process for each erasure request, with one request per row. CXone only supports 500 active requests at a time.
-
Once finished, save the edited file and upload it on the Privacy page. CXone will use this request to identify and delete your contact's information.
CXone Digital Experience Erasure Process
The process for submitting erasure requests for Digital Experience is currently separate from the CXone platform process. You must follow both processes for complete erasure.
Set Up the Erasure Process
To process erasure requests for Digital Experience you need to configure automation jobs that periodically scan messages and delete information as required. To do this efficiently, you need a set of tags.
Complete each of these tasks in the order given.
Create Tags
- Click the app selector and select ACD.
- Go to Digital > Tags.
- Click + Add tag.
- In the tag creation form:
- Enter Privacy Erasure Requested for the Title.
- Select your preferred Color for the tag.
- Set Active to Yes.
- Click Save.
-
Click + Add tag again.
-
In the tag creation form:
-
Enter Privacy Erasure Completed for the Title.
-
Select your preferred Color for the tag.
-
Set Active to Yes.
-
Click Save.
-
Create Jobs
- Click the app selector and select ACD.
- Go to Digital > Automation Jobs.
- Click + Add.
- In the job creation form:
- Enter Privacy Erase Content for the Name.
- In the Action field, select Delete content of a message.
- For the Content removed reason, select GDPR.
- Click Save.
-
Click + Add again.
- In the job creation form:
- Enter Privacy Erase Name for the name Name.
- In the Action field, select Delete author's name of a message.
- For the Content removed reason, select GDPR.
- Click Save.
-
Click + Add again.
- In the job creation form:
- Enter Privacy Tag Completed as the Name.
- In the Action field, select Add tag to message.
- For the Message tag, select Privacy Erasure Completed.
- Click Save.
Create Scheduler
The purpose of this scheduler is to locate messages that are flagged for erasure and that have not already been processed.
- Click the app selector and select ACD.
- Go to Digital > Automation Schedulers.
- Click + Add Scheduler.
- In the scheduler creation form:
- Enter Privacy Erasure Processor for the Name.
- For the Scheduler type, select Repetitive.
- For the Interval to execute, enter 0 0 * * *. This will run at midnight every day, but you can select any schedule to fit your needs.
- For Data set, select Messages.
- Click Save.
- On the next page, click + Add condition.
- For the Condition type, select Included tags condition. Click Create condition for selected type.
- On the row for Privacy Erasure Requested, click Add.
- In the breadcrumbs at the top of the page, click Detail "Privacy Erasure Processor".
- Click + Add condition.
- For the Condition type field, select Excluded tags condition. Click Create condition for selected type.
- On the row for Privacy Erasure Completed, click Add.
- In the breadcrumbs at the top of the page, click Detail "Privacy Erasure Processor".
- Click + Add existing job.
- Select Privacy Erase Content from the Select drop-down. Click Add.
- Click + Add existing job again.
- Select Privacy Erase Name from the Select drop-down. Click Add.
- Click + Add existing job again.
- Select Privacy Tag Completed from the Select drop-down. Click Add.
- In the top right corner of the page, click Activate.
Process Erasure Requests
You must identify all Digital Experience messages that correspond to the data subject of the erasure request. For each interaction The full conversation with an agent through a channel. For example, an interaction can be a voice call, email, chat, or social media conversation. where the data subject The person who can be identified by personal data. appears, you need to add the Privacy Erasure Requested tag to just one message in the interaction. You can find the appropriate messages through any CXone search capability. The most flexible option is to use the CXone Agent interface.
Assuming your request is for a contact with email address elizabeth.bennet@classics.com and that you have a customer card created with that email address, you can do the following:
- Click the app selector and select Agent.
- In CXone Agent, click the search icon in the left navigation.
- Click the Customers tab.
- In the Search field, enter the identifying information for the user requesting erasure. In this example, elizabeth.bennet@classics.com.
- Click the user's entry in the search results.
- In the contact details, click Contact History to expand that section.
- Click one of the entries to open the interaction.
- Above one of the messages from the contact, click the add tag icon and then click + Add New. From the Message tags drop-down, select Privacy Erasure Requested.
- Repeat this process for a message in each necessary interaction.
This example is specific to a particular way of finding messages. You should use all methods to find and tag interactions associated with the data subject.