1. Home
  2. Docs
  3. Security Compliance
  4. Comprehensive Security Co...
  5. Desk365 and GDPR Compliance

Desk365 and GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union law implemented by the European Union on 25 May 2018. This regulation ensures that EU residents have a greater say over what, how, why, where, and when their personal information is used, processed, or disposed of. 

According to GDPR, any organization that works with EU residents’ personal information in any manner has obligations to protect the data. This includes basic customer information that your business needs such as name, email, and phone number. 

If you are a resident of the EU, you have certain data protection rights. If you wish to be informed about the personal information we hold about you or if you want it to be removed from our databases, please contact us at help@desk365.io. 

In certain circumstances, you have the following data protection rights: 

  • The right to access, update, or delete the information we have on you 
  • The right of rectification 
  • The right to data portability
  • The right to withdraw consent 
  • The right to object 
  • The right of restriction 

How Desk365 ensures GDPR compliance ?

At Desk365, we place a high priority on user privacy and data protection. We have implemented a range of measures to ensure full compliance with GDPR, offering our customers enhanced control over their data. Below, we detail our approach in various key areas:  

Adherence to security standards 

Desk365 strictly adheres to recognized industry security standards, such as SOC 2 Type 2. This certification reflects our commitment to maintaining a robust security framework that protects user data against unauthorized access and breaches. Additionally, we comply with the Health Insurance Portability and Accountability Act (HIPAA), which has even more stringent requirements for data protection.  

To further bolster security, we recommend organizations using Microsoft 365 leverage Azure AD single sign-on. This integration enhances security by providing strong authentication mechanisms, ensuring that only authorized users can access Desk365.  

Data storage and transfer 

For our EU based customers, we offer the ability to choose our data centers located in the EU for their helpdesk. These data centers are hosted on Amazon Web Services (AWS) regions in the EU. For EU based Desk365 helpdesks, all helpdesk data is securely stored and processed within the EU. 

Ensuring data protection 

Data protection is a cornerstone of our compliance strategy. Desk365 employs advanced encryption techniques to safeguard sensitive data from unauthorized access, disclosure, or alteration. This encryption extends to both data at rest and data in transit, providing comprehensive security coverage.  

Administrators using Desk365 have the option to additionally encrypt custom fields, offering additional layers of security for sensitive information. This flexibility allows organizations to tailor their data protection measures according to their specific needs and regulatory requirements.  

Managing access control 

Desk365 offers robust access control features through its Role-based Access Control (RBAC) system. This system allows organizations to define precise access permissions, ensuring that only authorized personnel can access specific data. Field-level permissions add another layer of granularity, enabling administrators to restrict access to particular data fields based on user roles.  

Access rights can be easily revoked when employees leave the organization, and regular audits are conducted to ensure that access permissions remain appropriate and aligned with job responsibilities. This proactive approach minimizes the risk of unauthorized data access and enhances overall security.  

Comprehensive data tracking 

Maintaining transparency and accountability is crucial under GDPR. Desk365 achieves this through detailed audit logs that record every addition, update, and deletion made to database records. These logs provide a clear trail of data handling activities, facilitating easy tracking and monitoring.  

Users can request access to these audit logs, ensuring transparency and empowering them to verify how their data is being managed. This aligns with GDPR’s principles of transparency and accountability, reinforcing trust between Desk365 and its customers.  

How does Desk365 support you with GDPR compliance?

Desk365 is aware of its obligations as a processor under the GDPR and remains committed to supporting its customers and their clients’ GDPR compliance efforts. 

Desk365’s legal basis for collecting and using the personal information is described in our Privacy Policy located at: https://www.desk365.io/privacy-policy/ 

Listed below are ways in which Desk365 helps you towards GDPR compliance: 

How do I delete a customer/end-user or edit their personal information?

  • This action can be done from the Contacts tab within Desk365. 
  • Click on the ‘Contact’ (customer/end-user) you would like to ‘delete’ or ‘edit’. 
  • You can edit the information there. If you would like to ‘delete’ the Contact, you can click on the ‘delete’ button. 
  • A popup will appear asking you to confirm the deletion. If you accept, the Contact will be deleted and moved to the Deleted Contacts tab. All tickets associated with the Contact would be moved to spam. 
  • To permanently delete a Contact from the Deleted Contacts tab, select the Contact you want to delete permanently and click Delete Forever. Once deleted, all data related to the Contact, including ticket history and interactions, will be permanently removed from the system and cannot be recovered. If the Contact wishes to create a new ticket in the future, they will need to sign up again through the support portal or send an email to your support team.

How do I delete an agent or edit their personal information?

  • This action can be done from the ‘Agents’ tab within Desk365. 
  • Click on the agent you would like to ‘delete’ or ‘edit’. 
  • You can edit the information there. If you would like to ‘delete’ the agent, you can click on the ‘delete’ button. 
  • A popup will appear asking you to confirm the deletion. If you accept, then the agent would be deleted throughout the application. 
  • If the agent has performed any ticket activities, you’ll not be able to delete them. In that case, you can contact us at help@desk365.io and we’ll delete it from our databases. 

Commitment to continuous improvement

At Desk365, we recognize that compliance is an ongoing journey. We are committed to continuously enhancing our security measures to meet evolving regulatory requirements and industry best practices. This commitment ensures that our customers’ data protection and compliance needs are consistently met, providing peace of mind and confidence in our services. 

In conclusion, Desk365’s comprehensive approach to GDPR compliance ensures your data is always protected. You can be rest assured that your data protection and compliance needs are in safe hands. 

Require additional assistance? Please reach out to us at help@desk365.io

How can we help?