Should I get customers’ consent to use Help Desk Migration service and comply with GDPR?
One of our customers had this question:
“Are you a "data processor" for the data passed in the migration service? If PII is included in tickets, etc, do we need to notify our customers of this?“
Since GDPR may be a little confusing, we decided to give an exhaustive answer.
For starters, yes, Help Desk Migration is a data processor. According to the definition, you (our client) are the data controller since you collect and decide how to process data. Help Desk Migration, processes data on your behalf (because you choose whether to migrate or not to migrate data.)
Should you get consent from your customers?
Yes, you should. The GDPR obliges the data controller to inform the data subject that their personal data may be processed by a third-party processor.
The simple way to do it is to update the agreement between you and your customer.
We would like to note that only authorized personnel of Help Desk Migration gets to work on data migrations. And we take all necessary measures to protect your data.
Should you have any questions? Leave us a message.