Before addressing Data Subject Requests (DSR) in the Zoho Desk, we need to understand the basic concept of the General Data Protection Regulation (GDPR) and its functions to know the importance of DSR in an organization.
General Data Protection Regulation
Regulators have created a legal framework called GDPR to deal with privacy. GDPR is a set of rules designed to provide EU residents with control over how companies across the world can use their personal data. Every organization needs to be well aware of the impact this will have on individuals and businesses dealing with EU residents' personal data.
GDPR only applies to organizations engaged in “professional or commercial activity” and not for any "personal or household activity."
Availability
Following are some key terminologies associated with GDPR:
-
Data Controller
- Someone who controls the purpose and means of processing personal data. The controller defines how the data should be put to use and why it should be used. Often, data controllers use an external service or another organization to process the data. This is where data processors come in. In this case, control over collected personal data remains with the data controller and is not passed on.
-
Data Processor
- Organizations that process personal data on behalf of the controller are known as data processors. They do not have control over what is done with the data, nor can they change the purpose of data collection. Processors get limited rights to process the data as per the instructions provided by the controller.
-
Data Subject
- The person whose personal information you collect is the data subject. In a business, data subjects tend to be your customers and employees. Personal information refers to any data that can be used to identify an individual, such as name, mobile number, email, residential address, or credit card number. This information is used by the organization to process and contact them for business.
Data Subject Rights in GDPR
The data subjects have the right to control who collects their data, how it is utilized, and for how long. The GDPR explicitly states certain rights for the data subjects in
Articles 12 to 23
.
Rights
|
Meaning
|
The Right to Be Informed
|
Individuals have the right to be informed about the collection and use of their personal information.
|
The Right of Access
|
Gives Individuals the right to get a copy of their personal information.
|
The Right to Rectification
|
Individuals have the right to correct inaccurate personal data as well as to complete incomplete personal data.
|
The Right to Erasure
|
Gives individuals the right to ask firms to delete their personal data.
|
The Right to Restrict Processing
|
Gives individuals the right to confine the handling of their personal information in specific conditions.
|
The Right to Data Portability
|
Ensure individuals can obtain, copy, move, transfer and reuse their personal information across different services.
|
The Right to Object
|
Allows individuals to ask firms to stop processing personal information about them.
|
The Right to Avoid Automated Decision-Making
|
Individuals have the right to not to be dependent upon a decision based solely on automated processing.
|
Data Subject Requests in Zoho Desk
Data Subject Requests (DSR) is a request from an individual to a data controller asking for modification or deletion of personal data held by a third party.
Zoho Desk provides a robust and scalable structure for safely processing your client's data. In Zoho Desk, you have the provision to address two types of requests based on these data subject rights:
-
Right to Access
- According to this right, data subjects can request a copy of their personal data. In Zoho Desk, you can register this request and send them a copy of the data from one or many modules. Data will be exported, and you can send it securely through your official email.
-
Right to Erasure
- According to this right, data subjects can raise a request asking the organization to delete their personal data. In Zoho Desk, you can take up this request and permanently delete the data from one or many modules.
Enable or Disable Data Subject Requests Access
Before processing the requests in Zoho Desk, first you need to collect the request from the data subjects. The requests from the data subjects can be collected either directly through a call or from a support ticket.
Once the request is collected from the data subjects, it can be either processed by an administrator or support agent. By default, the administrator has the privilege to process all the DSR requests, and support agents with the
Agent
profile have to contact the administrator to provide them access to perform this operation.
To enable/disable the DSR access to an agent
- Go to Setup > User Management > Profiles.
-
Select the
Agent
profile.
-
In the
Administrative Permissions
column, you can enable/disable the
Manage Privacy Settings
option accordingly.
These DSR requests are not department-specific, and thus the respective support agent or administrator can process the request irrespective of the department they belong to.
Export data - Respond to the right to access data
If your clients reach out requesting a copy of their data, Zoho Desk provides you with the flexibility to meet their requests via the
Export Data
option within the product. You can collect the data from all or selected modules, export it, and share it with the requested customer.
To export an individual's data from Zoho Desk
-
Click on Setup > Privacy and Security > Data Subject Requests.
-
Click
New Request.
-
Select
Request type
as
Export Data.
-
Select the appropriate
Module
and fill in the
Contact
fields as per the client's request.
-
You can also select and tag the
Reference Ticket Id
directly. (This is optional)
-
Under the
Record Details,
choose one of the following:
-
Specific Records
- Specify the criteria to filter the records that you need.
-
All Records
- Choose to view all the records associated with the contact's email address that you provided.
-
Click
Fetch Data.
The list of records will be available to choose from.
-
Select the records that you want to export and click
Submit
.
The export is initiated and once it is ready, the data is available as a request entry from where you can export the CSV file.
-
Click the
Download
icon (
) to get the file.
Delete data - Respond to the right to erasure
If your clients reach out requesting deletion of their data, you can perform this operation via the
Delete Data
option within the Zoho Desk. Please note that the deletion is permanent, and there is no way to recover the deleted data.
To delete an individual's data in Zoho Desk
- Click on Setup > Privacy and Security > Data Subject Requests.
-
Click
New Request.
-
Select
Request Type
as
Delete Data.
-
Select the appropriate
Module
and fill in the
Contact
fields as per the client's request.
-
You can also select and tag the
Reference Ticket Id
directly. (This is optional)
-
Under the
Record Details,
choose one of the following:
-
Specific Records
- Specify the criteria to filter the records that you need.
-
All Records
- Choose to view all the records associated with the contact's email address that you provided.
-
Click
Fetch Data.
The list of records will be available to choose from.
-
Select the records that you want to delete and click
Submit
.
-
Click
Delete
to confirm the permanent deletion of records.
The deletion request gets initiated, and the selected record gets deleted permanently from the system after a while.
View the list of Requests
In addition to exporting and deleting users' data, Zoho Desk provides you with the flexibility to view a history of all data access requests executed in your firm, along with their status. An administrator or authorized support agent can view these requests at any time.
To view the completed or in progress DSR requests
- Click on Setup > Privacy and Security > Data Subject Requests.
-
Select the
Filter DSR Requests
(
) icon in the top bar and specify the criteria for applying the filter.
-
Click
Filter.
You can see the list of records based on the filter you applied.