Overview
This article compiles the most frequently asked questions about GDPR (General Data Protection Regulation) and Kayako Classic.
Information
Note that the questions below are relevant to both Download (self-hosted) and OnDemand customers.
What is GDPR?
The General Data Protection Regulation (GDPR) is the result of many years of work by the European Union (EU) to bring data protection legislation into line with new, previously unforeseen ways that personal data is now used and processed around the world.
When does it come into effect?
The GDPR will apply in all EU member states from 25 May 2018.
Will GDPR affect my company?
Almost certainly. Any company that stores or processes personally identifiable information of EU residents will be responsible for complying with the new regulations, regardless of its country of registration.
Will Kayako Classic be GDPR compliant by the deadline?
Yes.
Will I be GDPR compliant when using Kayako Classic as a data processor?
Kayako Classic is currently in the process of completing our GDPR compliance work, which is expected to be complete before the GDPR deadlines. This will mean that you will be compliant when using Kayako Classic as a data processor.
Does Kayako Classic store Personally Identifiable Information (PII)?
Yes. PII is any information you store that can uniquely identify an individual, either directly or indirectly. Kayako Classic stores various pieces of user information that would be counted as PII data.
What PII data does Kayako Classic store?
Kayako Classic stores various pieces of user information that would be counted as PII data including, but not limited to:
- Full Name
- Email Address
- Twitter Handle
- Facebook ID
- IP Address
- Phone Number
Note: If you use custom fields within Kayako Classic, it is also possible that those could be considered as PII data if they can uniquely identify an individual.
Does any of my data leave the EU?
Yes. Kayako Classic uses third-party applications to help monitor our infrastructure and ensure we maintain excellent performance, availability, and usability for our customers. A few of these services are hosted outside of the EU. All the countries hosting our third-party applications obey strict and lawful standards of security. Kayako Classic is currently in the process of signing Data Protection Agreements with all our suppliers, and all of these will be in place before the GDPR deadlines.
Does Kayako Classic send my data to any third parties?
Yes. Kayako Classic uses third-party applications to help monitor our infrastructure and ensure we maintain excellent performance, availability, and usability for our customers. We are currently in the process of ensuring all our third-party suppliers meet GDPR requirements, and we will be updating our privacy policy to give full details of all our third-party suppliers, including what information we send to them and how it is processed.
Do I need to sign a Data Processing Agreement (DPA) with Kayako Classic?
Kayako Classic will be updating our terms and conditions, along with our privacy policy, to include all the required elements of GDPR compliance. This will ensure that you can use Kayako Classic as a data processor and remain fully compliant. The signing of a specific data processing agreement is not required. However, we can also sign specific Data Processing Agreements with any customer if requested.
Should this affect my decision to choose Kayako Classic?
There is no need to worry about GDPR compliance with Kayako Classic. One of the specific requirements placed on an organization is that all the third parties they use to process information must be compliant with the GDPR principles and you must have a signed Data Processing Agreement which specifies which data is processed and how. Kayako Classic’s terms and conditions, along with our privacy policy, will cover all these GDPR requirements when using us as a data processor.
Does the Download (self-hosted) version also send the data mentioned above to the Kayako servers?
Self-hosted customers retain all of their users' data on their own server, and this information is not sent to us. If you wish to find the user information that is saved in the database, you can run Custom Reports, which connect directly to your database.