Data privacy and protection issues have been big news over the last few years.
In 2018, the European Union enacted the GDPR, a wide-reaching set of regulations with the purpose of promoting data privacy.
Many companies are affected by this and there's a good chance yours is one of them. Here's what you need to know when it comes to GDPR and helpdesk software:
GDPR is the General Data Protection Regulation. It was created to form a set of standards that protect consumer rights regarding how their data is collected and used. With several high-profile data breaches in recent years and concern over how that data was being used, the EU decided that some stricter rules needed to apply.
The GDPR was officially adopted in April 2016, came into effect in May 2018, and has since had a few updates and clarifications. It is primarily about the “processing” of personal data which companies may collect, including storage, collection and transfer. There is also a mandate to give EU citizens more rights over that data, including “the right to be forgotten.”
Article Three of the GDPR outlines its territorial reach and has been clarified by the EU:
1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
The bottom line of this is that all firms located in the EU must comply. Outside of the EU, all firms that offer free or paid goods or services to EU residents, or monitor their behavior online through cookies, must comply.
GDPR applies to your business if you have clients in the EU, even if you're off-shore
If you have any sort of EU presence, your company needs to be compliant with GDPR. To give an example, if you are a software company and you operate a helpdesk, you are collecting data in some form or another on your users.
This means that the helpdesk software you use must be GDPR compliant.
If you're using third-party software (like JitBit), you are responsible for confirming that the software you are using is GDPR compliant (ours is). You might think that being based outside of the EU will let you off the hook, but the laws provide wide-reaching penalties for non-compliance. For example:
“For especially severe violations, listed in Art. 83(5) GDPR, the fine framework can be up to 20 million euros, or in the case of an undertaking, up to 4 % of their total global turnover of the preceding fiscal year, whichever is higher. But even the catalogue of less severe violations in Art. 83(4) GDPR sets forth fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher.”
Your data on EU customers or users doesn't have to be stored in the EU to meet compliance requirements. You may have it stored anywhere else, as long as you are following the regulations set out in GDPR.
To be compliant with GDPR, here are some key things your software must do:
If you happen to be a company that uses any sort of profiling or monitoring (such as for marketing), there are also rules for how you keep track of your user data. We're talking about helpdesk software for the purposes of this article though, where these rules are unlikely to apply.
The bottom line is that if you operate in the EU or have EU users or customers, you need to be compliant with GDPR requirements. When you're looking for helpdesk software that fits these criteria, JitBit is here and ready to go.
We welcome GDPR as it answers some of the data concerns we already had. In fact, we didn't have to make too many changes to be GDPR compliant because we already had most of these measures in place.
We think many of the requirements now underlined by GDPR should be taken as best practice anyway. If you're collecting any form of customer data, then it's important to respect those customers by protecting it. They need to be able to put their trust in you!
To find out more about JitBit's own GDPR compliance, you can take a look here.