General Data Protection Regulation 2018 - the right to be forgotten

Respondida

55 Comentarios

  • Comentario oficial
    Jessie Schutz
    Zendesk team member

    Edit: Updated 12/1/17

    Zendesk has launched an  EU Data Protection website to serve as a resource to help our customers prepare for the GDPR and to serve as a centralized information hub where our customers can stay up to date with our product enhancements and EU data protection issues in general.

    This website includes information about various aspects of EU data protection, our BCRs, what the GDPR is, the changes it brings to organizations operating in the EU, and the product features and services Zendesk offers to support your GDPR compliance efforts. In the coming months, we will continue to update the website and add resources to assist our customers’ GDPR compliance efforts when using our services.

    In addition, we invite you to visit the Zendesk Blog for the latest on our EU data protection efforts and how we work with customers who have cross-border, personal-data-transfer issues.

    If you have any additional questions please feel free to send an email over to privacy@zendesk.com.

    _____

     

    Hi everyone!

    I touched based with our Legal Team, and here is the information they shared with me:

    Thank you for your query. Zendesk is in the midst of an in-depth General Data Protection Regulation (GDPR) readiness project across our entire organisation, including the recent completion of our Data Protection Impact Assessments (DPIAs). As part of this project, we are analysing each of our product offerings and our internal policies with a view to identifying any gaps in GDPR compliance; and, we are taking steps to fill any such gaps. We expect to be in a position to release more detailed information (on our website) regarding our state of readiness and guidance for our customers in November of 2017; and, will be GDPR compliant by the effective date of 25 May 2018. We invite you to check back in with us on our website for further updates.

    Zendesk values your trust and share in the same concerns over the privacy of you and your data. That is why Zendesk offers its customer choices when it comes to privacy. Recently, Zendesk has obtained approval for its Binding Corporate Rules (“BCRs”) as a data processor for its customers’ data, which provides our customers with a robust mechanism to facilitate transfers of personal data from the EEA to members of the Zendesk family of companies when using our services. Further information is available in our press release. In, addition Zendesk has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to the U.S. Department of Commerce and has been added to the Department of Commerce’s list of self-certified Privacy Shield participants. Our certifications confirm that we comply with the Privacy Shield principles for the transfer of European and Swiss personal data to the United States. Finally, in an effort to give our customers even more assurances around our commitment to GDPR compliance, we have updated our Data Processing Agreement that confirms a contractual commitment to comply with the provisions of GDPR when they come into effect and incorporate the EU Model Clauses. You can learn more about of privacy practices and how to obtain our Data Processing Agreement here.

    If you have any additional questions please feel free to send an email over to privacy@zendesk.com, and stay tuned for our official docs to be released in November!

  • Joel Hellman

    Any updates?

    While it's good to know that Zendesk is actively working on GDPR, in the end it will be our own responsibility to implement it towards our customers. 

    That means we need to know what things to address on our end, and what things we can rely on Zendesk to build on their end. Development solutions that address customer privacy concerns takes time, so the sooner we know, the easier it will be for us to get to work on what we need to fix on our end.

    Will Zendesk build new tools to identify sensitive information, such as regex based trigger conditions? 

    Will Zendesk build new tools to redact/permanently delete information inside tickets without deleting the whole tickets. Such as content in comments, subject, meta information such as email, IP addresses, and select custom fields?

    We'd likely want different retention plans on different types of tickets that defined what information to remove. Should we build this ourselves using the business tools triggers, custom fields in Zendesk or will more streamlined tools for this purpose be made available?

    How will we solve the dilemma of protecting our customer's privacy, while still allowing Zendesk analytics solution (GoodData-Insights or BIME) to stay useful? For example, we want to keep aggregated data, such as ticket volumes, what Tickets were About, the volume of tickets per Organization, etc, but not content that leave us with privacy concerns.

    For apps and integrations, removing key data such as Ticket ID and External ID would be troublesome to deal with. There is a difference between a ticket that existed and was removed, and a ticket which never existed. 

    How will removing User information be handled? Users also carry information that have privacy concerns, but handling that will likely be dependent on if the User has been active recently or not. 

    Thanks.

     

     

    4
  • David Wilkes

    Joel's comments are exactly the questions I have Jessie - the various links don't give me much confidence though.  They talk about what Zendesk is doing to become compliant as a business and don't seem to mention in any form what it plans to do to improve the product so that we can be compliant when using Zendesk.  Surely there is a roadmap to say what features are going to be added?  Are we going to get a list of new product features in November, and with that a delivery date for those features?

    Regards

    David

    3
  • David Wilkes

    Hi

    It would be good to see something soon.  We have been conducting our own inhouse review and have a need to implement flexible retention policies.  Ideally we'd be able to mark each ticket with a 'Retention Category' where each category has its own retention rule - for instance 'personal data to be deleted on closure of ticket'.  Ideally we'd be able to obscure content in a ticket reply rather than delete the whole ticket.

    We don't want to loose tickets, in the sense we need them for statistics, but the content itself (in some instances but not all) needs to be either obscured or removed.

    Other ideas - our customers should be able to mark their tickets in the Help Centre as containing personal information.

    2
  • Joel Hellman

    Okay, now I'm back to being worried. Just as David says, I'm not concerned Zendesk themselves will be GDPR compliant; I'm worried that it will become hard for us to use Zendesk efficiently and stay compliant. 

    I do expect a roadmap relating to customer's being GDPR compliant while using Zendesk products, and I also expect Zendesk to be helpful to their customers in identifying areas of concerns, and be straight up about which concerns we will have to handle ourselves - I mentioned a few of these concerns in my previous post. Since adhering to GDPR is very much about addressing technical challenges, Zendesk needs to be sufficiently detailed, or it won't be helpful to us.

    Thanks for the prompt responses Jessie, and for helping us by delivering our feedback back to Legal and Product at Zendesk!

    2
  • Helle Buhl

    Hi - I have followed the link to the Data Processing Agreement. Then I need to sign something - I'am not sure why/what it is that I need to sign for ?

    1
  • Helle Buhl

    The week of the 27th is just about to "run out of time". 

     

    When will you announce the news about GDPR?

    I'am beginning to get a bit worried. If I find out that I cannot get Zendesk to fit in our GDPR plans, then I need to find another helpdesk solution - and it takes time.

    So please - come up with some very good news. 

     

    1
  • David Wilkes

    Well that's an anti-climax.  Can't see there's anything at all about new product features.  Not one thing, unless you care to point me at the list of planned features I think we all expected to see.

    1
  • Nicole S.
    Zendesk Community Team

    Hey David - 

    The legal team said they expect to update the website with product functionality updates related to GDPR in Q1. That's all the information they've given us at this time. 

    That being said, you're welcome to email them directly at privacy@zendesk.com with your concerns. 

    1
  • Magnus Säll

    Hi there,

    I have been following this thread since one of your agents shared it with me
    I had a question about the european data center add on, and he told me to wait and keep my eyes on this thread.

    What i can see there is no change of data centers or how it handled in the documents above?
    For us that means that we have to first upgrade to a higher plan (to be able even to choose the data center option) and then add the data center option.

    That only, for us, will be a higher cost per month than we pay today for the whole system.
    I really hope i have understood something wrong?

    1
  • Helle Buhl

    Yesterday I was attending a webinar at Zendesk.

     

    I asked - I know that it was not on the agenda - but I asked about GDPR and when new features to help customers dealing with GDPR would be available.

    And as before - they are sending me a link to the Zendesk GDPR homepage. Not a lot of news their.

    My thought was - why use time for a lot of other new features when the most important new features should be GDPR features to help the customers?

     

    I'am looking forward to the Webinar where new GDPR features would be presented.

     

     

     

    1
  • Dan Ross
    Community Moderator

    Hey Jessie,

     

    Any updates? March has come and gone and there's no mention of any new GDPR related functionality. Our own legal department is putting a lot of internal pressure on teams here to ensure that our primary vendors are GDPR compliant. 

    We also need time to adjust business rules and practices to adjust to any new features, with the deadline in less than 60 days, we're cutting it pretty close. 

    Is there any news on how Zendesk will allow us to meet the requirements of GDPR?

    1
  • Barry Neary
    Zendesk Product Manager

    Hi All

    I am a product manager here at Zendesk and we are launching an EAP (beta) of a feature that will scrub PII data from closed tickets. If you are interested in learning more or being part of the trial, please leave a comment on this thread.

    Regards

    Barry

    1
  • Barry Neary
    Zendesk Product Manager

    Hi Denise - its still to be decided. If it is made available I will let you know.....

    1
  • Dan Ross
    Community Moderator

    I very, very much hope this is made available to all plan tiers after EAP. Proper legal compliance with GDPR/CCPA should be a base tier feature not a paid add on.

    1
  • Graeme Carmichael
    Community Moderator

    Helle

    I am not familiar with the legislation, but I just want to ensure you are aware of the ticket redaction app. It is provided by Zendesk, but not officially supported so may not meet all your requirements.

    0
  • Helle Buhl

    I am aware of that APP. I have tried to test this before, and was not very fund of it.

    But - maybe I should give it another go.

    And - there is still this problem with the APP:

    NOTE: The Redaction API completely deletes data from Zendesk Support databases, but does not purge existing logs when the ticket data was originally created. Zendesk is investigating purging redacted data from logs in the future.

    0
  • Colin Piper

    @Helle, the new "Right to be forgotten" legislation was initially designed to address the the concerns that someone's past history could be misrepresented at some stage later. The initial target was search engines and other reference sites. In my non-expert opinion, it would seem that the within the Zendesk realm, only public forums are potentially of concern. However it is not clear to me whether the legislation covers material which is originally posted by an individual or whether it is only material that refers to that individual I.e., would this legislation allow for me to request Zendesk to remove any post I have ever made in this community? It would certain allow for me to request a post removed that expression an opinion of myself but these are not allowed in the community guidelines anyhow and would be removed by Zendesk as soon as spotted anyhow. 

    0
  • Stefan Frithiof

    Helle, We share your concern. We are preparing for the GDPR in 2018 as well. Is there any new info about Zendesk preparations for this? We want to ensure the support system we are using complies with this. Because of the massive fines if you don´t follow the legislation, I think many others will do as well.

    0
  • Jessie Schutz
    Zendesk team member

    Hey guys!

    Sorry for the delayed response on this. I was just speaking with a colleague the other day, and this new legislation is definitely on our radar. I'm in the process of getting in touch with the appropriate teams to get some information for you.

    Stay tuned!

    0
  • Thomas D'Hoe
    Community Moderator

    Hi,

     

    What's the status about GDPR?

    Thanks!

    0
  • Nicole S.
    Zendesk Community Team

    Hey Thomas et al -

    I've pinged a few folks internally, and we'll have an update for you shortly. Standby!

    0
  • Nicole S.
    Zendesk Community Team

    Hi all -

    The official word is that you can rest assured that we will be compliant with the GDPR when it comes into effect in May 2018.

    EDIT: the form originally listed here is not what should be used to access more information. If you have additional questions or need more information, please email privacy@zendesk.com

    0
  • DJ Jimenez

    Another thing about the redaction app is it does not work on closed tickets. Are there any other tools that are/will be available?

    0
  • Nicole S.
    Zendesk Community Team

    Helle - Please email privacy@zendesk.com. I was given that form in error, but have received more current information and the folks at that email address will be happy to answer any questions you have. 

    DJ - I know that we will for sure be GDPR compliant, but don't yet have details on how this will be rolled out. You are also welcome to email that address with questions. 

    We will eventually have more public information to share, but they're still working on the documentation and web page for that. Thanks for hanging with us while we get this sorted out! 

    0
  • Susanne Ekenheim

    I will for sure send an email, but I think you're wise to explain how this will work in this thread also.

    How long do you save tickets in your systems? 

    Are you saving the ticket itself but remove the customers emailadress?

    There are sensitive information in the tickets also - how do you handle this?

    0
  • Joel Hellman

    I will also send an email, but we too would like more details in this thread how you will approach and implement GDPR in Zendesk. 

    0
  • Jessie Schutz
    Zendesk team member

    Hey Susanne and Joel!

    As Nicole mentioned earlier, we're still working on the public facing documentation on this. Once it's ready, we'll be sure to share the link here, and make sure that any follow-up questions you might have are answered!

    In the meantime, I'm going to follow up internally and see if I can get a timeframe for when this documentation will be available. If there's any info to share, I'll be sure to let you know!

    0
  • Jessie Schutz
    Zendesk team member

    Hey David and Joel!

    We don't have any further updates on this right now. I'd encourage you to read through my official comment above, if you haven't already, which includes a statement from our Legal team about what we're working on and several links to relevant information.

    The TL;DR of it is that we're working on GDPR compliance and expect that we'll have the details ready to release publicly in November. I promise I'll update this thread when that information becomes available, or if anything changes!

     

    0
  • Joel Hellman

    November sounds fine, I had honestly missed that we had an ETA already.  

    Thanks Jessie!

    0

Iniciar sesión para dejar un comentario.

Tecnología de Zendesk