The materials available on this page are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular question you may have.
Europe’s new data protection law, the General Data Protection Regulation (GDPR), was adopted on April 27, 2016. After a two-year transition period, it will become enforceable starting on May 25, 2018.
What is GDPR?
GDPR is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the EU. This requires the following:
- Appropriate processing of end user personal data, e.g. data that can be used to identify a person or their location. To learn what personal data Helpshift collects, see What types of information does Helpshift collect from end users?
- Implementation of appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing the data.
- Compliance with individual rights requests by end users, including allowing users to access data, have their data removed, and receive data in a structured format upon request.
- Maintain records of all end user personal data accessed within your organization.
How does Helpshift help me to comply with GDPR guidelines?
Helpshift offers the following resources to help you adhere to GDPR guidelines:
Issue management: You can leverage an array of Helpshift features to help end users educate themselves about your data privacy features, reach out to your team with data privacy requests, and manage Issues related to data privacy so your team can follow up accordingly. To learn more, see How can I use Helpshift to manage inquiries from end users related to data privacy?
Data redaction: We’ve implemented a process by which Admins can request to have Issue or user data redacted per GDPR regulations. To get started with this process, see How do I submit a redaction request for Issue or end user data?
Data portability: We offer REST APIs which you can use to submit a request for a copy of Issue or user data per GDPR regulations. To get started, see How do I provide end users with a copy of their personal data per their request?
Standard Contractual Clauses (SCCs): Since the Schrems II decision announcement in July 2020, Helpshift has updated its processes with regards to treatment of Trans-atlantic data transfers. Data transfers from the EU to the US are covered by the incorporation of Standard Contractual Clauses (SCC’s) within the Data processing agreement with the Customer. These clauses are promulgated by the European commission and are currently the mechanism in place at Helpshift to treat cases of EU-US data transfers. However we also do engage with some customers who request review of our data security policy and standards, as the SCCs are only an interim mechanism and may be subject to amendment.
DPA (Data Processing Addendum): The DPA is supplemental to the Agreement, and sets out the roles and obligations that apply when Helpshift processes personal data which falls within the scope of the GDPR on your behalf, in the course of providing the Helpshift Services.
To request a copy of our DPA, contact us at firstname.lastname@example.org.