Consider the following GDPR tip, regarding how to address having accurate and up-to-date personal data:
•GDPR Article 16 enforces the right of rectification, which states "The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her".
Similarly and as treated in "How is personal data collected?", three different channels (i.e, by direct end user input in processes, through application integration, or when having an admin manage information of end users) enable you to capture personal data of individuals involved in your processes.
Consider the following scenarios, according to the three different channels.
1. Whenever there is direct end user input in processes.
For the scenario where personal data is captured through the user interfaces of activities in processes, it is suggested:
•To include in your processes, an activity or an action that allows end users to update and/or confirm any important input or personal data.
•To implement a specific, separate process with the objective of updating personal data previously captured in other processes.
Note that for both, having a verification/approval pattern is an optional good practice, given that end user input entails human intervention, which can be prone to errors.
2. Whenever there is application integration.
For the scenario where personal data is fetched from external applications, it is also recommended to make sure that such application handles appropriately the information so that Bizagi processes can rely on fetching accurate and up-to-date information.
Similarly, you would need to consider if it is important for personal data in Bizagi processes to be updated right away whenever such data is updated in that other external application.
3. Whenever an admin manages information of end users.
An admin from the customer's side, may at any time manage information about end users and their accounts, including details such as: Email address, First name, Last name, Location (Country, State, City), Phone number, or a photo.
Additionally, other information related to the roles and position of that user within the customer's organization can be managed as well.
Even though the above fields are shipped-in by default with Bizagi, customers may extend what is stored by defining additional fields through user properties (http://help.bizagi.com/bpm-suite/en/index.html?user_properties.htm).
It is your responsibility as a customer, to define and assess how you will support the possibility to update personal data, while considering the possibility to build additional processes which are aligned to the business and policies of your organization.