What is GDPR?
The General Data Protection Regulation (GDPR) is the result of many years of work by the European Union to bring data protection legislation into line with new, previously unforeseen ways that personal data is now used and processed around the world.
When does it come into effect?
The GDPR will apply in all EU member states from 25 May 2018.
Will GDPR affect my company?
Almost certainly. Any company that stores or processes personally identifiable information for EU residents will be responsible for complying with the new regulations, even if that company is not based in the EU.
Will Kayako Classic be GDPR compliant by the deadline?
Yes.
Will I be GDPR compliant when using Kayako Classic as a data processor?
Kayako Classic is currently in the process of completing our own GDPR compliance and this will be completed before the GDPR deadlines. This will mean that you will be compliant when using Kayako Classic as a data processor for your own GDPR compliance.
Does Kayako Classic store Personally Identifiable Information (PII)?
Yes. PII data is considered any information you store which can uniquely identify an individual either directly or indirectly. Kayako Classic stores various pieces of user information would could be counted as PII data.
What PII data does Kayako Classic store?
Kayako Classic stores various pieces of user information would could be counted as PII data including, but not limited to:
- Full Name
- Email Address
- Twitter Handle
- Facebook ID
- IP Address
- Phone Number
NOTE: If you use custom fields within Kayako Classic, it is also possible that those could be considered as PII data if they are able to uniquely identify an individual.
Does any of my data leave the EU?
Yes. Kayako Classic uses third-party applications to help monitor our infrastructure and ensure we maintain good performance, availability, and usability for our customers. Some of these third-party services are hosted outside of the EU. All of our third parties are hosted in countries which obey strict and lawful standards of security. Kayako Classic is currently in the process of signing Data Protection Agreements with all our suppliers and all of these will be in place before the GDPR deadlines.
Does Kayako Classic send my data to any third parties?
Yes. Kayako Classic uses third-party applications to help monitor our infrastructure and ensure we maintain good performance, availability and usability for our customers. We are currently in the process of ensuring all our third-party suppliers meet GDPR requirements and we will be updating our privacy policy to give full details of all our third-party suppliers with detailed information of what information we send to them and how it is processed.
Do I need to sign a Data Processing Agreement (DPA) with Kayako Classic?
Kayako Classic will be updating our terms and conditions, along with our privacy policy to include all the required elements of GDPR compliance. This will ensure that you can use Kayako Classic as a data processor and remain fully complaint. This will not require the signing of a specific data processing agreement. However we can also sign specific Data Processing Agreements with any customer if requested.
Should this affect my decision to choose Kayako Classic?
There is no need to worry about GDPR compliance with Kayako Classic. One of the specific requirements placed on an organization is that all the third parties they use to process information must be compliant with the GDPR principles and you must have a signed Data Processing Agreement which specifies which data is processed and how. Kayako Classic’s terms and conditions, along with our privacy policy will cover all these GDPR requirements when using us as a data processor.
Gary McGrath