I am currently working on our automated response for ‘GDPR Deletion’ requests. We need a way to find all recordings associated with a specific customer’s phone number and delete them across all our storage locations (including our external S3 bucket). I am using the /api/v2/analytics/conversations/details/query to find the interactions, but I am not sure how to trigger the actual deletion of the media files via the API. Is there a specific ‘GDPR’ endpoint for this, or do I have to delete the recordings individually?
Hello Yui14! I am a Genesys DX integrator and I have dealt with these compliance requests. You should use the /api/v2/gdpr/requests endpoint. This is the official way to handle deletion requests in Genesys Cloud. You provide the customer’s phone number or email, and the platform will automatically find and delete all their PII and recordings across the entire system. It also provides an audit trail that you can share with your legal team. It is much better than trying to build your own deletion script!
Greetings. I am a workforce coordinator and I manage the scheduling for our compliance team. To follow up on Nav25, please be aware that the GDPR deletion request can take up to thirty days to complete. If your legal team needs a more immediate confirmation, you will still need to manually verify the deletion. Also, the GDPR API only deletes data from the Genesys Cloud platform. If you have exported those recordings to an external S3 bucket, you will need a separate script to delete the files from AWS yourself!
I want to remind you that GDPR requests also apply to ‘Screen Recordings’! The native GDPR endpoint handles those too, but if you are using a third-party screen capture tool that is integrated with Genesys Cloud, you must ensure that you send a separate deletion request to that vendor as well. Many people forget the screen audio and only delete the voice recording!