Jump to content

GDPR compliance


Recommended Posts

With the new GDPR https://en.wikipedia.org/wiki/General_Data_Protection_Regulation coming up on May 25th. How does Hornbill Service Manager deal with if a customer wants to be "forgotten"?

Will references to them be anonymized since we will still need the ticket history?

Also, since GDPR also takes into account non-structured data, is there any way to find/change/delete references to a specific person within the ticket free text?

Link to comment
Share on other sites

  • 4 weeks later...

Hi,

We are still looking at GDPR in conjunction with the legislation being formalised. We actually don't know how far the "right to be forgotten" goes, or weather or not there is even a requirement to "forget" someones actual name in relation to prior data, especially knowledge data.  For example, many companies use peoples names as a makeup for e-mail address, I find it unimaginable that it would be practical to anonymise recipients in emails stored in peoples mailboxes, that will be even more impossible to achieve when people hold personal archives or older emails in PST files etc.

So taking a more pragmatic viewpoint one might look at the spirit of the "right to be forgotten" meaning, its more leaned towards "forget me when you try to communicate with the world, I am no longer interested" as opposed to "annonymize me so that no one will ever know it was me that sent any emails still on your systems".   Likewise I cannot see how a company would discard an important whitepaper written by someone who subsequently exercises their right to be forgotten, it just does not make sense.  The legislation talks about the right of erasure in conjunction with "further processing" and weather or not the processing of said personal data is causing harm or distress, I very much doubt that holding information that someone has willingly contributed to a knowledge pool (such as collaboration, email, white papers of service tickets) would ever fall into that category, I personally think it would be fine to continue with someones name attributed to a piece of work they undertook.  Of course like most government legislation, the EU committees have done their level best to make it all as ambiguous as humanly possible.  This is quite a good overview: -

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-to-erasure/

In any case, so as far as Hornbill is concerned, all users (and contacts) are represented by an ID, specifically a URN which relates back to a profile record. So the basics of removing someones profile image and changing their display name/handle in their archived profile would actually do the trick, in that regard I do not think any specific functionality is required to meet the right to be forgotten requirement, its simply and administrative function to edit the individuals archived profile.  Of course we could, and will probably add a button to "Anonymize this User" but thats really just sugar on top of something you can already do in about 10 seconds.  As things become clearer in terms of our customers specific obligations under the GDPR legislation we will of course make product changes to assist with this where it makes sense to do so. 

Happy to expand on this conversation. 

Gerry

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...