
Jitbit Help Desk GDPR Compliance

What is GDPR?

GDPR is the EU data protection regulation that strengthens the protection of personal data. It regulates the "processing" of personal data, which includes the collection, storage and transfer of personally identifiable information. Any company that offers a software app or a digital service on the EU market (not just an EU company) has to comply with it from 25 May 2018.

Key requirements for SaaS providers

The key changes are:

  • The right to be forgotten, AKA the "right to erasure" - EU individuals have the right to request erasure of their personal data. Separately, the rights of access and data portability let them request a copy of their personal data.
  • Data protection by design - practical measures to prevent loss, destruction or damage of data.
  • Data processing consent and transparency - companies have to include the following information in their terms of service and customer agreements: the duration, purpose and nature of the data processing, and the types of data being processed.
  • Data breach notification - the company has to report data breaches to the data protection authority (within 72 hours of becoming aware of the breach, where feasible) and, when the breach is likely to put their rights at high risk, to the affected data subjects.
  • Data protection officer - organizations that meet certain criteria (public authorities, or organizations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data) have to appoint a DPO whose job is to ensure the privacy and protection of personal data.
  • New requirements for profiling and monitoring - this mostly affects marketing companies and ad platforms that track user demographics and similar data in order to show more relevant ads.

The key changes are listed on the official website and we highly recommend visiting it. Unlike most "official" websites, this one is actually very neat and user-friendly.

Does GDPR require EU data to be stored in the EU?

No. The GDPR does not require EU personal data to be physically stored in the EU, nor does it place any new restrictions on data transfer beyond the ones that already existed: a transfer outside the EU still has to rest on an adequacy decision or on appropriate safeguards such as standard contractual clauses.

What Jitbit is doing about GDPR

Jitbit welcomes the GDPR. It is an important step towards protecting private data. Both our founders have been very vocal about the dangers we all face in light of rapid technological developments, such as AI, face recognition, the rise of social networks, etc.

Note from Alex, our founder: "I'm personally very happy about the GDPR and the first thing I'm going to do in May 2018 is request a copy of my personal data from Facebook just for kicks. I'm really interested in what's going to happen next. I'd also like to request Google to remove any personal data from my Google Photos family archive, like our names, social graph, locations, people present on the photos etc. Will blog about the results."

Now back to GDPR and our SaaS help desk software:

1. First of all, Jitbit's cloud-hosted helpdesk app collects no personal data on its own other than the full name and email of helpdesk app users (end-users as well as administrators and helpdesk agents). The contents of tickets are whatever your users choose to type into them, and are covered in point 5 below. We do not even store our customers' addresses, VAT numbers, company names, locations or credit card numbers when they make a purchase - this data simply does not exist on our servers; it stays at the payment gateway, and we have no access to it.

2. Jitbit already has a "right to be forgotten" procedure in place, implemented and operational. We physically delete a client's data once they cancel their account and/or the account expires. In addition, we do not use any personal data for marketing, profiling or similar purposes. The "data portability" part works too: any Jitbit customer can request an actual copy of their account data, and this has been working for years.

3. Jitbit is already HIPAA-compliant (HIPAA is a US law that protects medical patients' private healthcare information and imposes comparably strict requirements). This means we already have the relevant policies and procedures in place: we have a Data Protection Officer, we encrypt all data both at rest and in transit, we have a breach notification procedure, and we perform regular in-house training for all our employees.

4. Jitbit has fewer than 250 employees (far fewer, in fact), which means the Article 30 exemption from keeping records of data processing activities can apply to us. Note that this exemption does not apply where processing is not occasional, is likely to result in a risk to individuals, or involves special categories of data, so whether it applies has to be checked rather than assumed.

5. Our clients - the companies that use our hosted helpdesk solution - might add one or more "custom fields" to their helpdesk tickets that can store personal data, for example "taxpayer ID" or "address" or something similar. In this case the client does have to perform some extra steps to comply with the GDPR: provide Jitbit with an SSL/TLS certificate if they use a custom domain, and inform their customers about the data being collected and the purposes of collecting it ("consent"). Jitbit, in turn, takes care of the safety of the data and of implementing the "right to be forgotten" and "data portability".

We also have our own Data Processing Agreement which we will provide and sign by request. Contact our support to get started.

Last updated: 3/5/2018
