A Zendesk Chat account can be created in Zendesk Support or can exist as a standalone account. This guide describes how features and functionality in standalone Chat accounts can assist with your data controller obligations under GDPR. For Chat accounts created in Zendesk Support, see Complying with GDPR in Zendesk Chat and Message.
In standalone Chat accounts, both agents and end users are managed in Chat.
To learn more about GDPR, your role as data controller, or meeting your obligations in other Zendesk products, see Complying with GDPR in Zendesk products.
Topics covered in this article:
Meeting the access obligation
Each EU citizen has a right of access. On request, you have an obligation, as a data controller under GDPR, to inform an end user or agent (often referred to as "data subjects" under GDPR) where their personal data is being held and for what purposes.
If you receive a request for access to personal data, you can export data as described in Meeting the data portability obligation below.
Meeting the correction obligation
Each EU citizen has a right to rectification, or the right to have inaccuracies in their personal data corrected. On request, you have an obligation, as a data controller under GDPR, to provide the data subject with their personal data and fix inaccuracies or add missing information.
To update the personal data of end users and agents, see the following topics in this guide:
You must be an admin to update end users and agents.
Updating end users
To update the personal data of an end user
- From the dashboard, select History and perform a search for the chats involving the end user.
- Select each chat in the results, click the User Info tab, and make your updates.
- Repeat step 2 for each chat involving the end user.
- In the dashboard, select Settings > Agent.
Meeting the erasure obligation
Each EU citizen has a right to erasure, or the right to be forgotten or deleted. On request, you have an obligation, as a data controller under GDPR, to delete the personal data of a data subject.
The workflow for deleting the personal data of a end user or agent in standalone Chat accounts is as follows:
- Delete chats.
- Delete the user from the account.
The order of operations is important because user data might be needed to find chats or messages containing personal data.
To delete chats
See the following topics in the GDPR article for Zendesk Chat:
To delete an agent
See the following topic in this guide:
To delete one or more agents
- Go to your dashboard and select Settings > Agents.
- Select the check box next to one or more agents.
- Select the Actions drop-down menu at the top of the list and choose Delete selected.
- Click Delete on the window that appears to confirm.
The agent is soft deleted, meaning the agent profile is no longer accessible in the user interface. It still exists in the data store. The system keeps the name to display in chat transcripts. You can remove the name by deleting the chat.
Meeting the data portability obligation
Each EU citizen has a right to data portability. On request, you have an obligation, as a data controller under GDPR, to provide a data subject with their personal data or to transmit the data to another organization.
The following topics describe how to export personal data from Chat:
Exporting visitors with the Chat API
Exporting agents with the Chat API
To export agents
Meeting the objection obligation
Each EU citizen has a right of objection, or the right to object to direct marketing. You have an obligation, as a data controller under GDPR, to stop processing personal data for direct marketing purposes when you receive an objection from a data subject.
This document is for informational purposes only and does not constitute legal advice. Readers should always seek legal advice before taking any action with respect to the matters discussed herein.