Start a conversation

General Data Protection Regulation (GDPR) and Kayako

What is GDPR?

The General Data Protection Regulation (GDPR) is the result of many years of work by the European Union to bring data protection legislation into line with new, previously unforeseen ways that personal data is now used and processed around the world.

When does it come into effect?

The GDPR will apply in all EU member states from 25 May 2018.

Will GDPR affect my company?

Almost certainly. Any company that stores or processes personally identifiable information for EU residents will be responsible for complying with the new regulations, even if that company is not based in the EU. 

Will Kayako be GDPR compliant by the deadline?

Yes.

Will I be GDPR compliant when using Kayako as a data processor?

Kayako is currently in the process of completing our own GDPR compliance and this will be completed before the GDPR deadlines. This will mean that you will be compliant when using Kayako as a data processor for your own GDPR compliance.

Does Kayako store Personally Identifiable Information (PII)?

Yes. PII data is considered any information you store which can uniquely identify an individual either directly or indirectly. Kayako stores various pieces of user information would could be counted as PII data.

What PII data does Kayako store?

Kayako stores various pieces of user information would could be counted as PII data including, but not limited to:

  • Full Name
  • Email Address
  • Twitter Handle
  • Facebook ID
  • IP Address
  • Phone Number

NOTE: If you use custom fields within Kayako, it is also possible that those could be considered as PII data if they are able to uniquely identify an individual.

Does any of my data leave the EU?

Yes. Kayako uses third-party applications to help monitor our infrastructure and ensure we maintain good performance, availability, and usability for our customers. Some of these third-party services are hosted outside of the EU. All of our third parties are hosted in countries which obey strict and lawful standards of security. Kayako is currently in the process of ensuring we have signed Data Processing Agreements with all our 3rd Parties.

Does Kayako send my data to any third parties?

Yes. Kayako uses third-party applications to help monitor our infrastructure and ensure we maintain good performance, availability and usability for our customers. We are currently in the process of ensuring all our third-party suppliers meet GDPR requirements and we will be updating our privacy policy to give full details of all our third-party suppliers with detailed information of what information we send to them and how it is processed.

Do I need to sign a Data Processing Agreement (DPA) with Kayako?

Kayako will be updating our terms and conditions, along with our privacy policy to include all the required elements of GDPR compliance. This will ensure that you can use Kayako as a data processor and remain fully compliant. This will not require the signing of a specific data processing agreement. However we can also sign specific Data Processing Agreements with any customer if requested.

Should this affect my decision to choose Kayako?

There is no need to worry about GDPR compliance with Kayako. One of the specific requirements placed on an organization is that all the third parties they use to process information must be compliant with the GDPR principles and you must have a signed Data Processing Agreement which specifies which data is processed and how. Kayako’s terms and conditions, along with our privacy policy will cover all these GDPR requirements when using us as a data processor.

Choose files or drag and drop files
  1. Gary McGrath

  2. Posted
  3. Updated
Was this article helpful?
Yes
No