Freshservice is ready for GDPR. Here are the changes we’ve made to our product to help you comply with GDPR. We’ve also answered some of the questions that we frequently hear from our customers.
What is GDPR and does it affect me?
The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It comes into effect on May 25, 2018. It provides residents of the EU greater control over their personal data and assurances that their information is being securely processed across Europe.
GDPR applies to you if your organisation matches the descriptions below:
You are located within the European Union
You are located outside the European Union but interact with EU residents and process their data
That ultimately means that almost every major corporation in the world will need to be ready when GDPR comes into effect.
What are the key changes covered in GDPR?
GDPR expressly introduces several principles that previously underpinned data protection law, such as the "accountability principle" and "privacy by design," and encourages organisations to take more responsibility for protecting the personal data they handle.
Do I need to move my data to the EU Data Center?
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on the transfer of personal data outside the EU. GDPR only mandates that such transfers be legitimised through any of the mechanisms provided in the regulation. Some ways of legitimised transfers are through EU-US Privacy Shield Certification and Model Contractual Clauses. Freshworks is certified under the EU-US and Swiss-US Privacy Shield.
How can I forget/delete a user’s personal data?
GDPR mandates that if a user decides to exercise their right to be forgotten, it should be complied with. To support you with these requests, Freshservice has built a 'Forget User' option. This would permanently delete user information in the system, as well as tickets/notes/calls that belong to the user.
When the admin decides to ‘Forget a user’, Freshservice displays a pop-up indicating confirmation of the action. As part of this, Freshservice provides the admin with all necessary information related to the action they are about to take. This is achieved by providing a hyperlink pointing to detailed information on what 'Data' and 'Activities' mean.
If a ‘Requester’ (eg: Employee) wants to be forgotten:
This process can be only carried out by the admin.
The admin can visit the respective user’s profile page and select the option ‘Forget User’.
On selection of the option, a popup is displayed informing the admin of resulting actions and dependencies.
On an affirmative action from the admin, the first step is to delete PII. This data is replaced with a tag called ‘Forgotten User
Note:
1. All tickets & notes created by this requester will be deleted
2. The requester will be deleted only if the requester is not involved in any core service desk related activities like Approvals, Change requests, etc.
Core service desk activities of the ‘Forgotten user’ identified by the system will be retained.
If an ‘Agent’ wants to be forgotten:
This process can be only carried out by the admin
Similar to the case of the Requester, the admin will visit the agent profile page and select the option ‘Forget User’
On selection of the option, a popup is displayed informing the admin of resulting actions and dependencies.
On an affirmative action from the admin, the first step is to delete PII. This data is replaced with a tag called ‘Forgotten User
None of the service desk related items will be deleted, activity data will be retained as is
Note:
1.All incidents and notes (Public and Private) created by this Agent will be deleted
2.All Service Requests which were requested for this user will also be deleted
3.The “Forgot Agent” action will be recorded under the Activities tab
4.The previous actions performed by the forgotten agent (including name) will be listed under Audit Logs
How to address a user’s request to opt-out of analytics?
To meet the customer’s need to opt-out of their data being used for business analytics, Freshservice provisions for two things:
User-level opt-out
Irrespective of user type (agent or requester) the admin must navigate to the user profile page and select option,‘Opt out of analytics’. On actioning this, sharing of user data will be terminated
Customer level opt-out
In order to stop analytics for the whole account, the customer must reach out to our support team, and we will terminate tracking account data.
All integrations, apps and custom apps that you use along with Freshworks products, are governed by their own terms and privacy policies. Freshworks does not provide any warranty for these services you may use.
All related practices by these integrations and apps including data hosting, data transfer etc are the sole responsibility of the apps and services themselves and are not governed by Freshworks.
For more information or questions about GDPR for Freshservice, please write to [email protected].
Footer: Freshworks as a company is committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The upcoming GDPR enforcement is critical to our mission of providing EU and all our global customers with a safe and dependable business software suite.
Disclaimer: This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and/or your organisation. We encourage you to obtain independent professional advice, before taking or refraining from any action on the basis of the information provided here.