hands and heart

Tools in HelpSpot to Prepare for GDPR

Written by Ian Landsman, published on 05.18.2018

The new General Data Protection Regulation (GDPR) in the European Union means new data handling and processing requirements for many of our customers. Without the proper tools, many of these tasks are cumbersome and labor intensive. At HelpSpot, we’ve released a set of tools to make it easier for your organization to gain proper data gathering consent from your customers and to respond to customer requests regarding their data in HelpSpot.

Form Submission Privacy Policy and Terms of Service

The HelpSpot portal now allows for the display of and agreement to a Privacy Policy and Terms of Service before a customer request can be submitted.

These settings are found in Admin > Settings > Portal. Two new settings allow you to set URLs for where your Privacy Policy and Terms of Service are hosted. If you don’t have these externally hosted, you can create them as knowledge base pages and then link to them.

After adding one or both of these URLs, a checkbox will be displayed on your portal forms that asks your customers to agree to the Terms of Service and Privacy Policy before proceeding.

If you are using a customized request.tpl.php template, you will need to update that template in order to allow the checkbox to be properly displayed. This new code needs to be added immediately following the captcha include:

Customer Information Deletion and Export

HelpSpot now includes a new Admin screen that allows for the export and deletion of customer data. This new menu option is called Customer Tools and can be found in the left-hand menu. Customer Tools provides two main functionalities: deletion and export.

Part of GDPR requires that you be able to provide customers an export of the data you have regarding them. The export option in Customer Tools exports all requests details and public notes, as well as public attachments for the entered customer email address. This export is generated as a ZIP file that you can download and sent to the customer.

Customer information deletion has a few more options, as it can be used not only to comply with GDPR, but also to handle purging sensitive information such as passwords, PHI, and payment information that accidentally makes its way into HelpSpot. All deletions done through this screen are permanent, so it is important to make sure you select the right data to delete.

Customer information can be deleted at the individual request note level. Request note IDs can be retrieved by using the request note menu next to each note.

When you delete a request note, that individual note along with any attachments in that note will be deleted from HelpSpot.

Moving one level up, an entire request ID can be deleted from HelpSpot by providing the request ID. All notes, history events, and attachments pertaining to this individual request will be deleted.

Finally, customer information can be deleted based on customer ID or customer email address. This will delete all requests and attachments found for this customer in HelpSpot. This final option is most likely the one you will need specifically for GDPR customer information deletion requests.

Other Changes

These enhancements to HelpSpot will help you comply with GDPR in your organization. In addition, UserScape’s Privacy Policy has been revised to meet GDPR requirements.

UserScape is also privacy shield-certified. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

In addition, UserScape, Inc. has a Data Processing Addendum (DPA) available if your legal team determines that one must be signed.

Get started with HelpSpot
Manage your support email, organize your help desk,
and improve your customers experience.