Personal data requests for Power Virtual Agents

The European Union (EU) General Data Protection Regulation (GDPR) gives significant rights to individuals regarding their data. Refer to the Microsoft Learn General Data Protection Regulation Summary for an overview of GDPR, including terminology, an action plan, and readiness checklists to help you meet your obligations under GDPR when using Microsoft products and services.

You can learn more about GDPR and how Microsoft helps support it and our customers who are affected by it.

  • The Microsoft Trust Center provides general information, compliance best practices, and documentation helpful to GDPR accountability, such as Data Protection Impact Assessments, Data Subject Requests, and data breach notification.
  • The Service Trust portal provides information about how Microsoft services help support compliance with GDPR.

See the Dynamics 365 Data Subject Requests for the CDPR and CCPA guide for additional information and guidance.


Because access to your bot is managed by your Azure Active Directory (Azure AD) tenant administrator, other users with admin permissions have access to your bot content.

A note about requests to rectify personal data

If a data subject asks you to rectify their personal data that resides in your organization, you and your organization must determine if it's appropriate to honor the request. Rectifying the data might include taking actions such as editing, redacting, or removing personal data.

You can use Azure AD to manage Power Virtual Agents users' identities. Enterprise customers can manage personal data rectify requests, including limited editing features, per the nature of a given Microsoft service. As a data processor, Microsoft doesn't offer the ability to correct system-generated logs because these logs reflect factual activities and constitute a historical record of events within Microsoft services.