CDESK is ready for GDPR

25. May 2018

CDESK allows you to work with personal data in compliance with the EU regulation known as GDPR (General Data Protection Regulation), effective from May 25, 2018. The new-generation CDESK 3.xx includes features that effectively help in solving GDPR issues.

CDESK features that help with GDPR

 

CDESK 3.0 – an overview of features related to GDPR:
  • Control of data access in a detailed structure.
  • An audit module that logs user activity to prevent data leakage (if a leak occurs, its extent can be determined).
  • Structured lists of data for each subject (in relation to a contact), full-text search throughout the system.
  • Export of data in a structured form to ensure data portability.
  • Enhanced control of outgoing CDESK information (blocking notifications of various kinds) to accommodate objections to the scope of outgoing emails.
  • Using only encrypted transmissions to / from CDESK.
  • Optional disabling of individual modules where personal data is located (e.g. Address Book, Requirements).
Upcoming features:
  • A consent management module that you can use in conjunction with your Contacts Database. Registering consents that come from different sources can be difficult. Therefore, CDESK will soon be able to store consents in a simple way, record the scope of consent and use it to build campaign recipient lists or for other activities. You will also have no trouble demonstrating consent or processing its withdrawal.
  • Optional password rotation.
  • Optional double authorization when entering the system.
  • Archive of deleted data with adjustable retention and possible immediate permanent deletion (for enforcement of the “right to be forgotten”).
  • Depending on the purpose for which you are using CDESK, it will be possible to add notifications of your obligation to announce the processing of personal data (you normally do not need this, because when the data is processed for the purpose of performing the contract / order, you provide that information in the relevant document, e.g. in a Contract or in a Privacy Statement).
  • Measures for automatic data deletion/retention.

We will continually respond to suggestions from practice and add functionality when needed.

Liability and data processing agreement

The Controller is responsible for the protection of personal data. This implies that if you provide services to your customers in your name, you are the “Controller”. We are your supplier who processes data on your behalf. Therefore, in terms of GDPR terminology, we are the “Processor”.

What does it mean? If you have your customers’ personal data stored in CDESK, we recommend that we sign a data processing agreement. We have a proposal ready for you.

 

CDESK and your GDPR project

In normal use, CDESK contains personal data, i.e. information on the basis of which it is possible to identify a person, e.g. name, surname, address, contact details (email, phone), IP address, etc. If CDESK is used as a helpdesk into which your customers can also enter data, this means further input of personal information. All this information can have a serious social impact on the person concerned.

We therefore recommend that you include CDESK in your GDPR project:

  • Describe the scope of processed personal data.
  • Describe which data you process manually and which in an automated way.
  • Consider whether you need all the data and whether it is adequate for the purpose (so-called “minimizing the amount of processed data”).
  • Determine the legal basis of the processing (performance of the contract, legitimate interest, consent of the person concerned, legal processing, etc.).
  • Identify authorized persons, i.e. employees who have access to the data.
  • Train authorized persons and record the transfer of responsibility in writing.
  • Consider who needs access to the data (“minimizing access”).
  • Determine the data retention/deletion time.
  • Legitimize the arrangement with the supplier and support provider that processes personal information on your behalf. In the case of CDESK, it is the above-mentioned data processing agreement with our company.
  • If you provide services through CDESK for clients, we recommend adding a data processing agreement to your contracts and order forms, which will include CDESK (this may be part of your “Privacy Statement”).
  • Describe how data is technically protected (especially if you provide on-premises solutions).
  • Prepare a procedure for the fulfillment of data subjects’ rights.