Is HESK GDPR compliant?
The General Data Protection Regulation, or GDPR in short, is a regulation on data protection and privacy for all individuals within the European Union.
There is no such thing as GDPR compliant software. GDPR is regulation for organizations. While software can be designed with privacy in mind and provide tools to make your life easier, there is much more your organization needs to do to comply. Just installing and using certain software will not cut it, no matter what marketing departments tell you.
That said, HESK does indeed provide several tools that will help you exercise rights and obligations under the GDPR.
- Right of access
Citizens have the right to access their personal data and information about how this personal data is being processed.
In HESK, you can find all the stored information of a data subject by using the "Find tickets" from. There you can lookup tickets by customer name, email, IP address and more.
Any tickets you find can then, individually or in bulk, be exported into Excel or printed. - Right to rectification
When personal data are inaccurate, then controllers need to correct them.
In HESK, you can modify customer data in any support ticket by clicking the "Edit" button in the top right corner when viewing a ticket.
Staff can modify their personal data in Admin panel > Profile. Staff members, who have the permission to manage users, can modify other staff personal data in Admin panel > Manage users. - Right to erasure
Data subject has the right to request erasure of personal data related to them.
In HESK, you can delete personal data by deleting a ticket, either individually or in bulk.
To delete multiple tickets, select them in the ticket list, in the "With selected:" drop-down menu select "Delete selected tickets" and click "Execute".
Individual tickets can be deleted by clicking the "More > Delete ticket" button when viewing a ticket.
Staff accounts can be deleted in Admin panel > Manage users.
You can anonymize instead
But wait, there is more! Instead of deleting tickets, HESK allows you to anonymize them. This process removes all personally-identifiable data from tickets (name, email, IP address, message, ...), but keeps modified tickets in the database for statistics.
To anonymize multiple tickets, select them in the ticket list, in the "With selected:" drop-down menu select "Anonymize selected tickets" and click "Execute".
Individual tickets can be anonymized by clicking the "More > Anonymize ticket" button when viewing a ticket. - Right to data portability
A person is to be able to transfer personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller.
In HESK, you can easily export selected tickets into Excel. In the list of tickets select those you wish exported, in the "With selected:" drop-down menu select "Export selected tickets" and click "Execute".
Individual tickets can be exported by clicking the "More > Export to XML for Excel" button when viewing a ticket.
The entire HESK database can be exported in SQL format using your MySQL command line or a tool such as phpMyAdmin that most web hosting companies provide. Additional configuration settings are stored in a formatted PHP file and are transferable in plain text.
For additional information about becoming GDPR compliant please contact your local data privacy authority and consult one of the many resources available on the Internet.