Tools in HelpSpot to Prepare for GDPR
The new General Data Protection Regulation (GDPR) in the European Union means new data handling and processing requirements for many of our customers. Without the proper tools, many of these tasks are cumbersome and labor intensive. At HelpSpot, we’ve released a set of tools to make it easier for your organization to gain proper data gathering consent from your customers and to respond to customer requests regarding their data in HelpSpot.
If you are using a customized request.tpl.php template, you will need to update that template in order to allow the checkbox to be properly displayed. This new code needs to be added immediately following the captcha include:
Customer Information Deletion and Export
HelpSpot now includes a new Admin screen that allows for the export and deletion of customer data. This new menu option is called Customer Tools and can be found in the left-hand menu. Customer Tools provides two main functionalities: deletion and export.
Part of GDPR requires that you be able to provide customers an export of the data you have regarding them. The export option in Customer Tools exports all requests details and public notes, as well as public attachments for the entered customer email address. This export is generated as a ZIP file that you can download and sent to the customer.
Customer information deletion has a few more options, as it can be used not only to comply with GDPR, but also to handle purging sensitive information such as passwords, PHI, and payment information that accidentally makes its way into HelpSpot. All deletions done through this screen are permanent, so it is important to make sure you select the right data to delete.
Customer information can be deleted at the individual request note level. Request note IDs can be retrieved by using the request note menu next to each note.
When you delete a request note, that individual note along with any attachments in that note will be deleted from HelpSpot.
Moving one level up, an entire request ID can be deleted from HelpSpot by providing the request ID. All notes, history events, and attachments pertaining to this individual request will be deleted.
Finally, customer information can be deleted based on customer ID or customer email address. This will delete all requests and attachments found for this customer in HelpSpot. This final option is most likely the one you will need specifically for GDPR customer information deletion requests.
UserScape is also privacy shield-certified. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
In addition, UserScape, Inc. has a Data Processing Addendum (DPA) available if your legal team determines that one must be signed.