How do I correctly to verify that sensitive data masking rules defined in Architect flows are correctly reflected in the Audit Log views for compliance reporting?
Our organization operates in the EU-West BYOC environment and has implemented strict data privacy protocols. We have configured specific data masking rules within our primary inbound flow (Version 8.2) to redact PII before it is written to the interaction transcript. While the transcript view in the Interaction Detail pane correctly displays masked values, the corresponding entries in the Audit Log still appear to contain unmasked raw data strings.
This discrepancy is causing significant concern during our quarterly compliance audits. The expectation is that any data subject to masking in the flow should also be masked in the audit trail to ensure end-to-end privacy protection.
We are using the standard Genesys Cloud Admin UI for audit log retrieval. No custom API calls are being made for this verification process.
The flow configuration includes the following masking rule definition:
{
"ruleId": "mask_pii_001",
"type": "credit_card",
"action": "mask",
"replacement": "****"
}
Is this a known limitation of the Audit Log retention policy for BYOC instances, or is there a specific configuration step required to synchronize masking rules with audit data? We need to ensure our reporting aligns with GDPR requirements.