Preparing for GDPR compliance is a company wide initiative and Freshdesk will be compliant before the GDPR deadline of May 25, 2018. GDPR readiness at Freshworks focuses on changes related to product, processes, documentation and vendors. We have a dedicated cross-functional team that has undergone training on GDPR, reviewed company-wide readiness and recommended changes. These changes involve changes to the product, as well as process and documentation changes.
Bengt, to answer your question - if a customer exercises their Right to be Forgotten, Freshdesk will provide the ability to permanently delete the customer and her data.
Alison - all functionalities we build to help you be GDPR compliant will be available on all our plans. EU freshdesk accounts are not hosted on EU servers by default; GDPR does not mandate data to be hosted within EU. In accordance with the letter and spirit of the law, Freshworks takes extensive measures to ensure privacy and security of data.
I've been drawn to this item because I've been looking into GDPR compliance.
One area you haven't answered is whether you will have 2fa implemented by the deadline. As you say on the page that you reference, security is one of the central requirements of GDPR, and I'd argue that without 2fa its hard to claim that you are keeping "pace with technology, and enhance protection against unwarranted use of personal data". If an organisation is breached and plain passwords are being used, it will be hard to argue that sufficient measures have been taken to ensure the security of user data. So, are there any plans to implement this as part of your general GDPR changes?
1 person likes this
9 months ago
"...if a customer exercises their Right to be Forgotten, Freshdesk will provide the ability to permanently delete the customer and her data."
Can you be specific about how this will work? Our account rep has not responded to direct questions about this and our compliance team want some assurances that either one of our own admins can remove data directly from Freshdesk, or that there is a dedicated pipeline for them to request that action with Freshdesk directly.
1 person likes this
8 months ago
I can provide more detail on what we're building to help you permanently delete user data. This is how the functionality would work:
1. Today, the admin navigates to the specific customer's profile and 'deletes' the contact - this first step is a soft delete. (This is available today)
2. The admin would then navigate to the deleted contact's profile and uses the 'Delete forever' option (This is being built and will be available by the end of this month). This action permanently deletes the customer's data - tickets, forums, calls & profile.
3. Additionally, permanent deletion would be available via API
8 months ago
I've been reading through various forums and checked out your links to GDPR - suppose I have a question that I cannot find answerable anywhere, hopefully someone or you can help?!
We are a B2B company that provides online resource management tool for project management / agency / scheduling etc. We use Freshdesk for our support desk requirements. With GDPR - our question lies around the content that would have been created within those tickets raised with agents. So for example, in one years time a customer wishes to delete their account/ask to be forgotten. We will need to delete their data PII and have no problem doing that - however. There would be some content in the conversations that we would need to hold onto as a resource for future reference. How would we go about this?
I do note on you FAQ that "If the deleted contact has been an agent with the account, we permanently delete their PII(Personally
Identifiable Information) such that the individual is not identified or identifiable thereafter. For business
continuity, their contributions to the business viz. ticket responses,notes,knowledge base articles, forum
topics/comments, support calls, surveys, automation rules, ticket templates, contacts, companies, tags,
etc. will be retained (This is being built and will be available soon.)t" - would the same apply for our customers content?
Would be great to hear your thoughts and answers to the above?
@Helen: Will discuss with the team and get back to you soon.
1 person likes this
7 months ago
Hey, all -- it's now May 25th in the EU, and there's still nothing on the site confirming GDPR compliance. What's up??
We're looking to subscribe to your product, but need to be able to execute a DPA with Freshdesk for our own GDPR compliance. Assuming Freshdesk is now GDPR compliant, how do we manage this prior to placing a subscription order??
For the GDPR there needs to be a (signed) Data Processing Agreement between controller and the processor.
Do you have one that I can use/sign or should I sent ours?
6 months ago
@Sander: We can send over the DPA document for you to sign :) I'll have one of our support heroes to reach out to you.
Marcus | Swedbyte
21 days ago
After a long wait I’m finally happy to announce that our GDPR assistant app now is released on the marketplace!
Our app is very flexible and covers 3 important areas of GDPR compliance:
* Automatic deletion of user data after certain periods of time. You configure for how long time data shall be stored, including exceptions or different time periods for different groups, types etc, and then GDPR Assistant will take care of the rest and make sure you're not violating the GDPR rules. And best of all: No more need of manual work to go through and delete data!
* Creation of PDF reports, containing all interactions a specific person had with your organization, with a single click of a button. No more need to search, filter and export data to reply to a data subject request!
* Complete deletion ("forget") of a user and all its related data from your Freshdesk account.
You’ll find the app here:
And you can read more about the app on our website:
Don’t hesitate to reach out to us with any feedback or ideas of improvements.