What is GDPR?
Simply put, GDPR ensures that EU residents have a greater say over what, how, why, where, and when their personal information is used, processed, or disposed. This rule, effective from the 25th of May, 2018, clarifies how EU personal information laws apply even beyond the borders of the EU.
Why should you be GDPR compliant?
According to GDPR, any organization that works with EU residents' personal information in any manner has obligations to protect the data. This includes basic customer information that your business needs such as name, email, and phone number.
Why is it crucial that you have a GDPR compliant help desk?
Customer service requires that your customers submit personal information. This information is persisted and used in a number of ways to process various functions on Zoho Desk. For example, Desk maintains a customer's email address, phone number, and Twitter handle in order to list all the tickets they have submitted. GDPR mandates that companies maintain a log of all of this customer information and all the ways in which it is being used.
How has Zoho Desk upped its game to support you?
To start with, Zoho has always respected user privacy—we have never used your data to serve ads, and never will. So you've been covered since before the advent of GDPR. That said, we've introduced a number of new checkpoints, so your customers have more control over how their data gets used.
Zoho Desk has among the highest levels of security, meeting industry standards of ISO 27001 and SOC 2 Type II. Zoho has also been certified for its compliance with the EU-US Privacy Shield Framework with respect to transfers of data to the US. We believe that GDPR will further elevate our standards of protecting user data.
Obtain customer consent wherever necessary with fully customizable consent fields. Coming soon to all forms in Zoho Desk.
Data Hosting and Migration
Our secure data centers are located in the EU, US and China. Regardless of where your account was created, your data can be migrated to data centers in the EU upon request. To minimize the impact on your business, this process will be carried out with no anticipated downtime.
Once inside Zoho Desk, sensitive data is protected from unauthorized access, disclosure or modification. We employ a number of encryption protocols and security methods to ensure this. As an administrator, you can also choose to encrypt custom fields where relevant.
Disclosure of Data
Roles and profiles on Zoho Desk let you define permissions, so you can tightly control who in your organization has access to what information. Data-sharing rules and field-level permissions help you take this a step further.
Access to Data
Your agents and customers each have their own levels of access to personal customer information (such as name, email address, and tickets) and can perform a number of actions on the data.
- Rectification: Your customers can edit all of their personal information except their email address, since that is the unique identifier for every contact.
- Portability: Administrators can export service data for every module of Zoho Desk.
- Deletion: Your customers have the right to request that their personal information be deleted. However, your agents and administrators can also delete service data from within the interface in cases where they deem it appropriate.
All deleted data is retained in the database for a period of 60 days, so that it can be restored if needed. After 60 days, it will be deleted from the system permanently.
Soon, you will be able to obtain audit logs—information about every addition, update and deletion made to your database records—in a comprehensible and user-friendly format.
We're constantly upgrading our security measures to help you on your compliance journey. Organizations that are found to be non-compliant, or have breached the regulation, may face a fine of up to €20 million or 4% of the organization's annual turnover, whichever is higher.
For more on Zoho's GDPR readiness, click here.
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.