I have some questions surrounding the Data Privacy Management area of C4C. I am the admin of an instance which is used primarily for Technical Support of a customer facing learning platform. Customers log their issues via front end ticketing system and various generic inboxes. We have both a B2B and B2C logic set up amongst these inboxes so customer data can vary e.g. any customer who contacts us via ticketing system is matched using the DB behind accounts.sap.com and more personal data is automatically sent to the IMS than a customer who contacts us via generic inbox using B2C)
I have reviewed the various blogs on this topic such as https://blogs.sap.com/2017/10/09/what-is-gdpr-how-can-sap-hybris-cloud-for-customer-help-you-comply-with-gdpr/ and
https://blogs.sap.com/2016/09/23/data-privacy-management-in-sap-c4c/ but still have some points I wish to clarify:
Disclosure / Portability
If we wanted to added more fields, we are limited to the following:If we wish to disclose further fields of data such as Related to Account / Business Address / Status etc. can this be done?
Is the CSV the only output available? Customers will have the right to view all data saved on our system on request so we would like to ensure it can be presented in a user friendly manner.
Retention / Removal
Can you please tell me how is this Retention Period set if we do not record country data on all customers ie. Is there a blanket rule that can be set such as ‘Automatically delete all Contacts & Individual Customers Data that has been inactive for 6 years’?
Is there any documentation for this?
As a workaround to this, I thought to create an extension field that would flag a user as ‘Blocked’. I would then restrict agents from viewing any data on ‘blocked’ users by amending search filters etc. However I cannot find a way to update the default search filters such as (All) contacts
Is there a smarter way in the system to restrict ‘blocked’ Contact data to all agents except Admin and EUGDPR Data Officers?