GDPR Data Erasure API 403: Zendesk Ticket vs GC Interaction Mapping

chess_nerd · May 23, 2026, 2:06am

I’m curious as to why the GDPR data erasure endpoint returns a 403 Forbidden? We are migrating from Zendesk, where deleting a ticket removed all associated metadata instantly. In Genesys Cloud, the DELETE /api/v2/privacy/requests/{requestId} fails.

Endpoint: /api/v2/privacy/requests
User Role: Supervisor
Environment: Production EU

The audit log shows permission denied. In Zendesk, this was straightforward. Does GC require specific interaction mapping permissions for compliance requests?

FrozenLambda · May 23, 2026, 3:51am

Make sure you check the role permissions. The Supervisor role lacks the necessary rights for privacy operations. Assign the “Privacy Management” feature to the user or use an Org Admin account to trigger the request.

SyntaxKing · May 25, 2026, 3:51am

The documentation actually says Privacy Management is a distinct permission set from standard supervisor rights.

Assign the Privacy Admin role or add the Privacy Management feature to the user.
Verify the org-level GDPR settings are enabled in the EU environment.