From what I have seen, Zendesk has by far been one of the most proactive services in terms of clarity and helping customers prepare for the GDPR - so props to the Zendesk legal and content teams.
I'm looking for a little bit of advice/clarification though i'm aware this might result in a standard 'get your lawyer's advice'.
Zendesk stores our data in the US and there is no option (unless you are on Enterprise) to have data stored in the EU. ZD have great 'coverage' through BCRs, model clauses (which we've signed) & privacy shield.
As a European SaaS company, we support a lot of European clients. They sometimes share fragments of their customers data with us via ZD (eg screenshots to help explain issues). This data is of course ending up outside the EU but is protected via the mechanisms i mentioned above.
The questions are:
- Do we need to now modify our agreement with our customers to include model clauses?
- do they now need to provide end users with a modified agreement?
- Is there a practical way to deal with this kind of data transfer that i'm possibly missing?
or do we simply not need to do anything.
Please sign in to leave a comment.