Genesys® announced availability of a new API for its PureCloud® platform that facilitates compliance with the new European Union (EU) General Data Protection Regulation (GDPR). The API enables organizations using PureCloud to more efficiently process requests from their customers as required by GDPR, the EU data protection and privacy law that goes into effect on May 25.
Under GDPR, EU residents have a number of new rights that enable greater control of their personal information while businesses are held accountable for the protection of that data. Individuals gain the right to access their own data and can demand: a copy of their personal data to see what a company has tracked; deletion of their personal data; and portability of their data.
The PureCloud GDPR API offers self-service features so businesses can handle high volumes of customer data requests quickly and directly within the PureCloud platform. With the PureCloud GDPR API, businesses can automatically facilitate key end-customer requests easily and confidentially.
Streamlined GDPR Compliance
Genesys is making the new API available to businesses in all PureCloud regions, which extends beyond the minimum requirements outlined by the new regulations. While GDPR applies to the personal data of individuals in and from the EU, companies outside of the EU, including those in the United States, may find themselves obligated to comply with GDPR if they collect, store or use personal data about any EU resident. For that reason, Genesys encourages businesses to take advantage of the new API as a proactive measure and to build trust with end-customers regarding data protection and privacy.
“‘Privacy by Design,’ a key part of GDPR, holds that any company that processes personal data must make privacy and data protection a priority at every turn,” said Olivier Jouve, executive vice president of Genesys PureCloud. “That very principle is inherent in the PureCloud platform, which was designed from day one to maintain confidentiality, integrity and privacy of sensitive data.”
GDPR holds that businesses must comply with personal data requests within 30 days. With the new API, businesses using the PureCloud platform can initiate and resolve such requests well within the mandated time period. For example, organizations using the API to respond to customer access requests can expect to retrieve all related personal data within 1-2 business days. Using the API, businesses can remove or make personal data anonymous in response to a GDPR “forget me” request in less than 14 days.
In addition, the PureCloud GDPR API provides a confirmation that the request was successfully completed so businesses using PureCloud have a record of request fulfillment, or an electronic personal data report.
Broad Compliance with Industry Standards
Launched in 2015, the PureCloud platform is a unified, all-in-one customer engagement and business communications solution that is easy to use and quick to deploy. A true cloud offering based on microservices architecture, the PureCloud platform is flexible, open, feature-rich, and built for rapid innovation, providing organizations with a future-proof solution for quickly scaling to meet customer growth.
In addition to GDPR, the PureCloud platform is compliant with numerous other regulatory and industry data protection standards including HIPAA, the United States federal law restricting release of medical information; Payment Card Industry Data Security Standard (PCI DSS); ISO27001, among others.
Genesys has also instituted procedures to help businesses using the PureConnect™ and PureEngage™ platforms to comply with GDPR when the regulation takes effect. The company plans to roll out automated GDPR tools for both offerings early this summer.