EU Data Protection (GDPR): Zoho Desk's Readiness

The GDPR is here.
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR), which came into force on May 25, 2018. Simply put, EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed of. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.

Data Collection – beyond compliance
At Zoho Desk, we believe that GDPR is a force for good. We have always honored our users' right to data privacy and collection. We have never relied on advertising as a revenue stream. We have never served ads to our users, and never will. This means that we have no necessity to collect and process users' personal information beyond what is required for the functioning of our product. It's been this way ever since we came into business – long before GDPR.

Zoho Desk's GDPR Readiness
Everything starts with setting a clear strategy and rules on how to process Personal Data. Here is how we're actively prepared for the GDPR.

Data Security
Zoho Desk has security built into every layer of the product. In particular, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for ISO 27001 and SOC 2 Type 2. We believe these offer customers the highest forms of independent assurance available concerning security compliance. Also, we recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data.

Data Hosting (Locality)
Zoho servers are located in the most secure types of data centers in the US, EU, IN, AU and CN. The region in which we host your service data depends upon the domain on which you registered your Zoho Desk account.
The table below lists the different domains and their data hosting locations:

| Account Registration Domain | Hosting Region (Data Center) |
| --- | --- |
| desk.zoho.com | US (United States) |
| desk.zoho.eu | EU (European Union) |
| desk.zoho.in | IN (India) |
| desk.zoho.com.au | AU (Australia and New Zealand) |
| desk.zoho.com.cn | CN (China) |

As part of our GDPR compliance journey, we can perform migration of service data between any of our data centers starting May 2018. This migration is carried out on customers' request and may take up to five (5) business days from the date of the commencement of such migration. Also, we do not expect any downtime to services during the data migration.

Data Encryption
All data transmissions, both during backup and in flight, are encrypted using the Transport Layer Security (TLS) 1.2 protocol. We also use the latest secure ciphers, such as AES-CBC and AES-GCM with 256-bit or 128-bit keys, for encryption. These ensure that your Zoho Desk data is protected from unauthorized access, disclosure, or modification.

By default, sensitive data such as passwords, auth tokens, ticket conversations, attachments, etc., are encrypted. Additionally, you can encrypt custom fields, which adds an extra layer of security for data like credit card numbers and personally identifiable information that your company might define as requiring additional protection. We believe our stringent physical controls at data centers and transit-level encryption ensure your data stays protected.

Data Access
Zoho Desk provides options to access all the data collected.
The table below lists the different types of information and how users can access them:

| Information Type | Description |
| --- | --- |
| Agent Profile | Agents can view their profile information like email address, phone, etc., under Setup → Personal Settings → My Information. |
| End User Profile | End Users can view their personal information like name, email address, tickets, etc., under the My Information tab in Help Center. |
| Comments and Attachments | End Users can view their ticket's comments and attachments under the My Tickets tab in Help Center. |

Data Rectification
Customers can edit all of their personal information except the email address. We don't allow you to edit the email address since it is the unique identifier of the primary contact. However, we can assist you in replacing the email address associated with your Zoho Desk account. You can write to us to request a replacement.

Data Deletion
We have appropriate methods in place to erase service data from within the interface. You can delete your data by exercising the Delete option. Additionally, you can anonymize a deleted agent, in adherence with the right to be forgotten that's outlined in GDPR. This means that there will be no trace of their personal data across the product.

Data Portability
Zoho Desk provides options to obtain your service data from the account. You can exercise the export option provided for each module. The exported data is presented in CSV format. We also offer a free one-time bulk export from the back end on request.

Data Retention
The data retention period in Zoho Desk is 60 days. When you delete files, they are moved to the Recycle Bin. Files stay there for 60 days after deletion, and you can restore them if you need to. After that, they are deleted from the Recycle Bin and the database.

Data Disclosure
Data disclosure defines the level of access so that only authorized users can access, alter, or delete service data. Profiles in Zoho Desk help you assign permissions for a set of users. Also, customers can set Data Sharing rules and set Field-level permissions to define the extent of access to the service data.

Data Audit
Data audits help you secure your system and monitor for unexpected changes or usage trends. We will soon be providing you with audit logs as part of our GDPR compliance-enabling feature. These audit logs will offer information about every add, update and delete made to your database records in a comprehensible and user-friendly format.

FAQs
1. What is Service Data?
Any information (includes personal data) used, stored or transmitted via Zoho Desk is referred to as Service Data.

2. Who is the owner and controller of the data I store in Zoho Desk?
The customer is the controller and the owner of data throughout the time they are subscribed to Zoho Desk. Customers are provided with tools necessary to exercise their right to be in control of their data. Zoho Desk is a processor that carries out all processing operations based on the Controller's instructions.