GDPR Compliant Help Desk Software

Jitbit Help Desk is fully GDPR compliant - both our cloud-hosted SaaS and self-hosted versions. We have been compliant since GDPR took effect in May 2018 and continuously update our data protection practices to meet evolving regulatory requirements.

What is GDPR?

The General Data Protection Regulation (GDPR) is the EU's data protection law that strengthens the protection of personal data for individuals within the European Union. The regulation governs the processing of personal data - including its storage, collection, and transfer. Any company that offers software or digital services on the EU market (not just EU-based companies) must comply.

Key GDPR requirements for help desk software providers

GDPR introduces several obligations that directly affect how help desk and ticketing systems handle personal data:

  • Right to erasure ("right to be forgotten") and data portability - EU individuals can request deletion of their personal data or a portable copy of it
  • Data protection by design - practical technical measures to prevent loss, destruction, or unauthorized access to data
  • Data processing consent - service providers must clearly disclose the duration, purpose, and nature of data processing in their terms and agreements
  • Data breach notification - companies must report data breaches to protection authorities and affected data subjects without undue delay
  • Data protection officer (DPO) - organizations must appoint a DPO responsible for ensuring the privacy and protection of personal data
  • Profiling and monitoring restrictions - stricter rules around tracking user demographics and behavioral data

Does GDPR require data to be stored in the EU?

No. GDPR does not require EU personal data to be physically stored within the EU. It does not impose data-residency restrictions beyond the transfer safeguards that already existed under prior EU law. Jitbit's infrastructure is hosted on Amazon Web Services, and we maintain a signed Data Processing Agreement (DPA) with Amazon to ensure compliant data handling.

How Jitbit Help Desk meets GDPR requirements

Jitbit welcomes the GDPR. Both our founders have been vocal about the importance of protecting personal data in the age of AI, facial recognition, and social networks. Here is how our GDPR compliant help desk software addresses each requirement:

EU-based company

Jitbit's legal entity is "Jitbit Baltic SIA" based in Latvia, making us subject to the same GDPR obligations as our EU customers.

Minimal data collection

Jitbit's help desk app collects only a full name and email address from users (both end-users and agents). We do not store customer addresses, VAT numbers, company names, locations, or credit card numbers on our servers - that data stays at the payment gateway and we have no access to it. We do not use any personal data for marketing research or machine learning.

Right to erasure and data portability

Jitbit has had a fully operational "right to be forgotten" procedure since before GDPR took effect. We physically delete all client data once an account is canceled or expires. We do not use any personal data for marketing, profiling, or similar purposes. For data portability, any customer can request a complete copy of their account data - this feature has been available for years.

HIPAA compliance (exceeds GDPR standards)

Jitbit is also HIPAA compliant. HIPAA is the U.S. law protecting medical patients' private healthcare information and imposes requirements that are in many areas stricter than GDPR. This means we already have robust policies and procedures in place: a designated Data Protection Officer, encryption of all data both at rest and in transit, a formal breach notification procedure, and regular privacy training for all employees.

Data processor responsibilities

Jitbit operates as a "data processor" under GDPR. Our clients - the companies using our hosted help desk solution - may add custom fields to their tickets that store personal data (for example, "taxpayer ID" or "address"). In this case the client must take steps to comply with GDPR consent requirements, while Jitbit handles the security of that data and implements the right to erasure and data portability on the technical side.

Personnel and security controls

Jitbit takes all reasonable steps to ensure the reliability of personnel who have access to personal data. We maintain technical and organizational measures to keep all personal data confidential and secure, and to protect it against accidental loss, unlawful destruction, alteration, disclosure, or access. No subcontractors can access our clients' data without explicit permission.

Secure infrastructure

Our help desk is hosted in Amazon's private cloud infrastructure (not visible from the public internet). Only two people have access to the production database. We have a signed Data Processing Agreement (DPA) with Amazon Web Services.

More technical details are available in our GDPR knowledge base article.

Adding a GDPR consent checkbox to ticket forms

If you need to collect consent from end-users before they submit a support ticket, Jitbit makes it straightforward. You can add an "I agree with privacy policy" checkbox to the ticket-creation form. See our step-by-step guide for instructions on setting up consent checkboxes and the built-in data export options.

Data Processing Agreement (DPA)

Jitbit provides a ready-to-sign Data Processing Agreement template for all customers who need one. A DPA is often required by GDPR when a data controller (your organization) engages a data processor (Jitbit). Contact our team to get your DPA signed and in place.

Why choose Jitbit for GDPR compliant help desk

  • EU-based company - our legal entity is in Latvia, so we are subject to the same GDPR obligations as our EU customers
  • Minimal data footprint - we collect only what is strictly necessary to operate the help desk
  • Encryption everywhere - all data is encrypted both at rest and in transit
  • HIPAA compliant - we meet an even higher bar for data protection than GDPR requires
  • Built-in data portability - export your entire help desk data at any time
  • Signed DPA available - ready for your compliance audit

Try Jitbit Help Desk free - fully GDPR compliant out of the box, with no setup required.
