The General Data Protection Regulation (GDPR) is a European privacy regulation that aims to strengthen the security and protection of personal data in the European Union (EU).
Zendesk customers that collect and store personal data of EU citizens are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law.
This guide describes how certain features and functionality in Zendesk products can assist with your obligations as a data controller under the GDPR. Zendesk is considered a third-party data processor under the GDPR because it handles the personal data of its customers' end users.
See the following articles in this guide:
- Complying with GDPR in Zendesk Support
- Complying with GDPR in Zendesk Insights
- Complying with GDPR in Zendesk Guide
- Complying with GDPR in Zendesk Chat
- Complying with GDPR in standalone Chat accounts
- Complying with GDPR in Zendesk Talk
- Complying with GDPR in Zendesk Explore
- Complying with GDPR in Zendesk Bime
- Complying with GDPR in Zendesk Connect
For instructions on deleting a user's personal data in Zendesk products, see Forgetting a user in Zendesk.
For more information on GDPR and Zendesk, see EU Data Protection on the Zendesk website.
What is personal data
Personal data is any data that can be used to identify an individual. Obvious examples include an email address, a phone number, or a social security number. Personal data may also include any data that could be used indirectly to identify an individual. For example, a person's nickname such as "Gerry" may not be personal data because many people may have the same nickname. However, if the nickname can be combined with other data such as a work address, the nickname could be considered personal data because it helps identify the individual.
Your organization needs to decide what is personal data. Is it simply an email address or phone number, or do you further disambiguate using a combination of identities or attributes? This decision is up to you.
If you’re not sure whether or not a piece of information is personal data, it’s best to err on the side of caution. Another option is to seek legal advice.
The following terms are sometimes used in this document.
Soft delete
Soft deleting an item deletes the item such that it is not visible to any users, including admins, in either the product interface or the API. The item remains in the Zendesk database, where it is accessible on a limited basis only to Zendesk employees with certain database privileges.
Hard delete, permanently delete, scrub
Hard deleting or scrubbing an item permanently deletes the item. The item is completely removed from the Zendesk database. No one, including Zendesk employees with database privileges, can access the item any longer.