Last updated - June 18, 2018
The GDPR has taken the eCommerce sector by storm. All kinds of businesses are striving to ensure the best compliance without drastically affecting their features. Here is an article that would help you with the requirements for GDPR. One class of software tools that definitely deals with a lot of user data, both personally identifiable and non-identifiable, is help desk software. This article takes a deep look at the impact on help desk software tools in particular. We want to point out how on-premises helpdesk software would be relatively hassle-free, compared to the risks and security vulnerabilities of a cloud-based system. This article intends to point out the specific aspects of GDPR compliance that become more easily achievable with on-premises software.
How do cloud and on-premises helpdesk systems fare with regard to GDPR compliance challenges?
In this article, we will compare cloud systems and on-premises systems in various aspects that are relevant to GDPR compliance.
First and foremost is data ownership. When you are using a cloud-based system for your helpdesk, are you really the sole owner of your customers’ data? This is a fact that you need to work out in the contract that you sign with the service provider. In the case of a cloud-based help desk system, the service provider will be the data processor and you will be the data controller. You have to ensure that your company retains the full ownership of your data including your customers’ personal data.
On the other hand, when it comes to an on-premises software, there is no such confusion. You are the full owner of your data, and you can be more clear about this in communication with your customers. Being able to clearly tell your users about how you are storing and using the data collected from them is an important concern with the GDPR.
Control over security requirements
If you are not clear about the ownership of your company’s and customers’ data, you cannot ensure its security either. This is another challenge when you use cloud-based SaaS systems. In GDPR terms, you, the business owner, will be the data controller, and the SaaS provider will be the data processor. In fact, in such a scenario, the major responsibility of ensuring the protection of the data falls on the data processor. However, as the data controller, you can also be held accountable for any lapses in security. The only solution here, if you are using a cloud-based SaaS, would be to check the terms and conditions thoroughly.
The uncertainty surrounding the protection of data is completely nullified in the case of on-premises software. However, you have to ensure that you have all the latest security requirements implemented and working smoothly. Since you have full control over your company’s data, ensuring all security protocols are followed would be easier.
Location specificity on data storage
When you are using a cloud service provider, chances are high that your data is stored in multiple locations. This means that you might have to adhere to data protection laws applicable to different countries. For example, there might be chances you are storing personal information of one of your customers (EU citizen), outside the EEA (European Economic Zone). Where the data is processed makes a difference in the GDPR. Such cases can prove to be big hassles if you are not defining a thoroughly thought out data protection plan considering multiple storage locations.
In the case of using an on-premises software, you have no such worries. Your customer’s data will be stored on your site’s database. The complexities surrounding data localization laws are thus reduced to an extent.
Data retention is another important aspect in the GDPR. You need to clarify to the customers how long you are going to retain their data. And when this specified time period ends, you have to delete the data. This part is easier if you consider using an on-premises software. For example, you can see here how WooCommerce provides a pre-defined process to delete unnecessary personal data of customers.
Now, this can get really troublesome in a cloud-based system due to the above-mentioned reasons. Data might be stored in multiple locations and the service provider might have to comply with multiple retention laws. That means you don’t have real clarity when you receive a request from a user to delete their data. You might be able to delete the locally stored data, but what is in the cloud might be a little confusing. That means before opting for a cloud service provider, you have to find out how they are managing the whole data retention process.
The GDPR clearly states how business owners need to notify their users within 72 hours in case of a data breach. This process is not so straightforward if you are using a cloud-based system. First of all, your cloud-based service provider should inform you about the breach, and then it falls on you to inform your customers. And, it will be your responsibility to ensure this when you choose a cloud-based service provider. In the business contract, you have to set clear terms to define breach events and the necessary steps to be taken. Basically, you will have to ensure that the service provider informs you about any breaches without delay.
Portability of user’s data
One of the major points to be noted regarding the GDPR is the ability to export your user’s personal data if you get a request from the user. As the data controller, you should be able to export user data in a structured and readable format. When you opt for a cloud service provider, all you can do is make agreements with them with regard to how they are going to make this possible. On a practical note, this is not easy with a lot of cloud service providers, as there might be several technical roadblocks you may have to bear with. For example, importing tickets from a cloud-based help desk software can be an arduous task if you don’t have the technical knowledge or resources.
Such concerns are really not there if you are in an on-premises environment like that of WordPress and WooCommerce. You can easily import customer data from your WooCommerce site, after verifying the authenticity of the request in a simple process. As far as help desk software is concerned, WSDesk is an on-premises option that allows easy portability of user data.
Third party access to user data
Another challenge that you might constantly face when you try to comply with the GDPR is how third-party tools can access your customers’ data. There might be third-party services like payment gateways that can access your company’s data as well as the personal information of your customers. You have to clearly specify which third-party services are accessing the personal data of your customers and for what purpose. And, if you are saving any personal data of customers, you have to define a time period for which you will retain the data.
Again, this part is fairly straightforward when it comes to using on-premises software. However, when your data is controlled by a cloud-based service provider, the scenario is somewhat vague. You really don’t know which third-party services are accessing your data through them, legitimately or not. This can add further challenges to an eCommerce store owner using cloud-based help desk software.
Ensuring data protection and risk management
According to the GDPR, you, as the data controller, have the responsibility to protect the personal data of your users. When you enter into a service contract with a cloud service provider, you need to find out what measures have been taken to ensure data protection. You need to understand if the provider is retaining any of your customers’ personal data for any purpose. If they are, you are responsible for informing your users about that. Also, you might need to perform risk assessment audits to ensure your customer data is safe. Such things can become quite a handful, particularly if yours is a small business.
Changes in technology
For GDPR compliance, you have to notify users of any changes that might impact the way their personal data is handled. Any technology changes on the cloud service provider’s environment can have a considerable impact. So, it is important to make sure that the service provider informs you about any such changes.
When you are using on-premises software, this aspect is pretty easy to tackle, as you have a pretty clear picture of the impact of the change.
Looking for an on-premises help desk software?
As mentioned earlier, a help desk software has quite an impact in this scenario. Opting for an on-premises helpdesk software might be a sensible decision to take. In view of GDPR compliance, we will recommend a hassle-free WordPress help desk software that you can try – WSDesk.
What is WSDesk?
It is a popular WordPress helpdesk plugin that has a large range of intuitive features to help you provide great support to your customers. It has a simple interface and advanced features like workflow automation and action triggers. This might be a great option for those thinking to move away from cloud-based SaaS providers. WSDesk even has an easy option to export tickets from other helpdesk systems.
How does WSDesk help with GDPR compliance?
As WSDesk is an on-premises option, GDPR compliance is more direct. There are no dependencies or associated problems when it comes to factors like right to access, right to forget, etc. These aspects can be handled smoothly with the GDPR compliant features of WordPress, WooCommerce, and WSDesk. Let’s take a quick look.
Sole ownership of data
When you purchase and install WSDesk on your site, you are the sole owner of the plugin, and all your customer data will be stored in your website’s database. In fact, WSDesk has no access to your customer information. This removes any doubts or confusion regarding the ownership and control of customer’s personal data.
It provides easy options to export ticket data based on any specific customer request, or to migrate from one system to another.
Similar to data port requests, if you get a request to delete data, you can easily do so with WSDesk. You can delete tickets individually or in bulk. And, if you want to delete user information, you can do that from the WordPress navigation panel. However, please note that simply deleting a user from your WordPress site won’t delete the ticket conversation. You have to delete tickets separately.
GDPR compliance might be quite uncertain for you if you are using a cloud-based SaaS provider. Particularly for help desk software, there will be a lot of customer information available, including personal data. Ensuring that the third-party cloud provider complies with all the requirements might prove to be a real challenge for store owners. This can get especially tough if yours is a small business. Opting for on-premises help desk software can be a great option to reduce the hassles of GDPR compliance. In this article, we have introduced you to a popular WordPress help desk plugin. We hope GDPR compliance is a lesser hassle for you with the help of this plugin. Let us know how you deal with GDPR compliance for your online store.