In response to the many questions regarding Freshdesk during our previous GDPR webinar, Freshworks recently hosted a webinar exclusively about the Freshdesk product. The webinar was a deep-dive into the GDPR-ready product capabilities on Freshdesk, and how these would help you meet your obligations to the regulation. You can watch the recording here, and below is a summary of the session and answers to audience queries.
- Bust common GDPR myths like data should not leave the EU.
- Seven principles of GDPR and how to apply them
- GDPR-ready features in Freshdesk that will help you meet your compliance obligations
Busting Common GDPR Myths
Myth: Personal data shouldn’t leave the EU
Fact: GDPR regulates but does not prohibit data transfers
GDPR mandates such transfers to be legitimized through two ways:
- EU-US Privacy Shield certification
- Model Contractual Clauses
Freshworks uses both ways to legitimise transfers.
- Data stays within the region based on where it is hosted, transfers are legitimized
- Our data centers in the United States, Ireland, Frankfurt, Australia, and India are protected with required security measures
Myth: You must have consent to process personal data
Fact: Consent is not the only way to comply with the GDPR
The GDPR provides other ways of processing data:
- Contractual necessity
- Legitimate interests
- Vital interests
More information is available on the website of the Information Commissioner’s Office.
Myth: GDPR is an unnecessary burden on businesses
Fact: GDPR encourages businesses to be responsible about an individual’s data
- GDPR requires fairness, transparency, accuracy, security, minimisation, and respect for rights of the individual whose data you want to process for business purposes
- Helps gain customers trust, and they are likely to engage better with the business
The 7 Principles of GDPR
- Lawful, fair, and transparent processing: Emphasizes transparency for all individuals i.e. when data is collected, businesses must be clear as to why data is being collected and what will it be used for.
- Purpose limitation: Collect data, only for the purpose you need it for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
- Data minimization: Ensure data captured is adequate, relevant, and limited. Based on this principle, organizations must be sure that they are only storing minimum amount of data required for their purpose.
- Accurate and up-to-date processing: Data controllers must ensure information remains accurate, valid, and fit for purpose. To comply, organizations must institute processes and policies to address how they maintain the data they are processing and storing it.
- Limitation of storage in a form that permits identification: Organizations must have control over storage and movement of data. This includes implementing and enforcing data retention policies and not allowing data to be stored in multiple places.
- Confidential and secure: An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.
- Accountability and liability: Organizations must be able to demonstrate they have taken necessary steps to protect an individual’s personal data, and be able to pull up every step within the GDPR strategy as evidence.
(For a feature demo on how to meet subject right requests through Freshdesk, watch the webinar video)
GDPR Webinar Q & A
Here’s a quick reference to answers on queries asked during the webinar.
If you missed the webinar, and like to receive a recording, register here! See how you can use Freshdesk’s GDPR-ready features to meet your compliance obligations.