Overview

The General Data Protection Regulation (GDPR) is the result of many years of work by the European Union to bring data protection legislation into line with new, previously unforeseen ways that personal data is now used and processed around the world. This article provides details about the essential definitions on this topic, how to identify this information. 

Information

When did GDPR come into effect?

The GDPR applies to all EU member states as of the 25th of May, 2018.

Does GDPR affect my company?

Almost certainly. Any company that stores or processes personally identifiable information for EU residents will be responsible for complying with the new regulations, even if that company is not based in the EU. 

Will I be GDPR compliant when using Kayako as a data processor?

Yes. We have completed our GDPR compliance. Which means that you will be compliant when using Kayako as a data processor for your GDPR compliance.

Does Kayako store Personally Identifiable Information (PII)?

Yes. PII data is considered any information you store, which can uniquely identify an individual either directly or indirectly. Kayako stores various pieces of user information that could be counted as PII data.

What PII data does Kayako store?

Kayako stores various pieces of user information that could be counted as PII data including, but not limited to:

• Full Name
• Email Address
• Twitter Handle
• Facebook ID
• IP Address
• Phone Number

Note: If you use custom fields within Kayako, it is also possible that those could be considered as PII data if they can uniquely identify an individual.

Does any of my data leave the EU?

Yes. Kayako uses third-party applications to help monitor our infrastructure and ensure we maintain excellent performance, availability, and usability for our customers. Some of these third-party services are hosted outside of the EU. All of our third parties are hosted in countries which obey strict and lawful standards of security. Kayako has signed Data Processing Agreements with all our 3rd Parties.

Does Kayako send my data to any third parties?

Yes. Kayako uses third-party applications to help monitor our infrastructure and ensure we maintain good performance, availability, and usability for our customers. 

Do I need to sign a Data Processing Agreement (DPA) with Kayako?

We have updated our data processing agreement, along with our privacy policy to include all the required elements of GDPR compliance. This will ensure that you can use Kayako as a data processor and remain fully compliant. This will not require the signing of a specific data processing agreement. However, we can also sign specific Data Processing Agreements with any customer if requested.

Should this affect my decision to choose Kayako?

There is no need to worry about GDPR compliance with Kayako. One of the specific requirements placed on an organization is that all the third parties they use to process information must be compliant with the GDPR principles and you must have a signed Data Processing Agreement which specifies which data is processed and how. Kayako’s data processing agreement, along with our privacy policy. Covers all these GDPR requirements when using us as a data processor.