Awesome Support Documentation

Introduction To GDPR And Privacy Functions

This document outlines the functionality in the Awesome Support Help Desk plugin that will help you meet your GDPR and similar consent and privacy related obligations around the globe.

However, nothing in this document should be construed as legal advice.  Instead it is intended to be used as one source of input when discussing your GDPR obligations with your legal adviser.

Introduction

The Awesome Support WordPress Help Desk Plugin collects and stores personally identifiable information in order to help you to provide your customers with the help they require.  Data is collected:

  • On the registration screen – normally First and Last name, a user id and a password.  This is stored in the normal WordPress user tables.  You can use any WordPress GDPR tool (including those introduced with WordPress 4.9.6) to manage this information once the registration is complete.
  • In tickets – free-form information that your customer volunteers is stored in a WordPress custom post type.  Note that this can include user ids, passwords and any other information that a customer decides they would like to share with you.  You usually have no control over what information will be sent to you to be stored, so you should make sure that your disclosures and privacy policy cover this random information that will be sent to you and stored with your tickets.
  • Encrypted in tickets – With the PRIVATE CREDENTIALS add-on, your users can share user ids and passwords that are then encrypted before being stored to the database.  The data is then automatically deleted when the ticket is closed.

Collecting Consent

If you choose to register your users using the Awesome Support Registration Screens, then you can configure a mandatory checkbox for the user to accept your privacy policy and terms and conditions. You also have the option to configure up to three additional check-boxes to collect additional specific consent for items related to your business.  Any of these three check-boxes can be made mandatory or optional.

The date of the user registration in the WordPress user profile will be the date that consent was given.  Or, if one of the GDPR/Privacy checkboxes is enabled then the date of consent will be logged in the user profile screen.

Providing Information At The Time Of Consent Request

One of the “best practices” for complying with the GDPR and related Privacy regulations is letting users know the reason that data is being collected at the time it is being requested.  You can add such information for each of the fields being requested on the Awesome Support Registration screen.

Removing Consent

In the event that a user needs to remove consent for a particular item there are a number of ways they can go about doing that:

  1. If the admin has enabled the PRIVACY button in the user’s dashboard AND the user granted the consent via the standard Awesome Support registration form, the user will be able to revoke consent directly from their account dashboard.
  2. The user can fill out a support ticket asking for the consent to be removed from their account.  You should have processes in place to handle this situation.
  3. The user can fill out a contact form asking for the consent to be removed from their account.

For options 2 and 3, there is nothing that Awesome Support can do to automate that process since the specific steps that need to be taken to satisfy this request will vary with each business.

Request For Data Deletion (Right To Be Forgotten)

If a user wishes to submit a request for data to be deleted, there are a few options that you can provide to them:

  1. If the admin has enabled the PRIVACY button in the user’s dashboard they can submit a request directly from the dashboard.  If WordPress version 4.9.6 or later is installed then the user will automatically receive a confirmation request to their email address.  Otherwise, the admin will have to manually handle the request.
  2. The user can open a support ticket or send a request via a contact form asking for such.  You should have processes in place to handle this situation.  There is no automated way that Awesome Support can handle this request since it may or may not be appropriate for you to delete support tickets and other related information.

Request To View Data

If a user wishes to submit a request to view the data that you hold on them, they can open a support ticket asking for such.  You should have processes in place to handle this situation.  There is no automated way that Awesome Support can handle this request.

If WordPress 4.9.6 or later is installed, the admin can use the TOOLS->EXPORT PERSONAL DATA toolset to export data for the user.

Additionally, if the user only wants access to their Awesome Support data they can use the EXPORT option under the PRIVACY button (if the admin has enabled the PRIVACY button).

Protecting Data

Data will automatically be encrypted IF your MYSQL server has encryption turned on.  Attachments stored on your server will also be automatically encrypted IF your server has turned on file system encryption.  Attachments sent to FILESTACK using the FILESTACK add-on will be processed according to the FILESTACK terms and conditions; if you are using that add-on, you should review those terms as part of your GDPR process.

The Private Credentials add-on will allow your users to store any sensitive data they share with you with an additional level of encryption.  The data will automatically be deleted when the ticket is closed.  Please be aware that there is no guarantee that a user will use this area to store their credentials – they can still decide to send sensitive information via a regular ticket reply!

The PINS add-on will allow you to verify users who call in and who request help via chat.

Limiting The Amount Of Data You Keep

One of the GDPR principles is to limit the amount of data you keep unless you have a bona-fide legal or operational reason to keep it for longer than is reasonable.  You can easily delete closed tickets using the DELETE option from the MAIN TICKET screen.  In your annual review of what data should be retained you should probably include your support tickets as a data source.

Additionally, you can edit ticket replies to remove any sensitive data that users or agents might have contributed on the ticket.  You should encourage your users to send you requests to remove sensitive data they may have inadvertently provided via tickets.

Finally, your agents should be trained to review tickets for sensitive information just before closing them – this way they can edit the tickets to remove that information immediately instead of waiting to review potentially hundreds or thousands of tickets later.

Data Portability

One of the tenets of GDPR is that data should be portable between systems.  By installing the Awesome Support REST API you can provide your users access to their tickets from any other system that can access data via REST.  Not all data in Awesome Support is accessible via this API but the most important TICKET and REPLIES information is available. Note that this alone is likely NOT enough for you to comply with the GDPR requirements – you might be obligated to build out tools to actually provide the data in a more user-convenient format such as XML.

Users can also export their Ticket data using the EXPORT option available under the PRIVACY button in their Awesome Support dashboard.  And, if WordPress 4.9.6 or later is installed, the admin can use the TOOLS->EXPORT PERSONAL DATA toolset to export data for the user.

Additional Tools

You can control whether agents can delete or edit their own replies on a ticket.  Additionally you can control which roles can delete or edit any reply on a ticket.  This can help scrub tickets of sensitive information such as credit-card information or user ids and passwords that may have been submitted by the user.


Document History

07-02-2018: Added update for additional tools that will be available in version 5.2 of Awesome Support

04-25-2018: Added update for additional tools that will be available in version 5.2 of Awesome Support

04-23-2018: Initial Version