In May 2018 the General Data Protection Regulation legislation went into effect. GDPR is the toughest privacy and security law in the world. Using native Zendesk makes it almost an impossible task to comply to the GDPR legislation. For this reason, we have created GDPR: Search & Destroy. Enabling our app helps your company become GDPR compliant in the best possible form.

The GDPR: Search & Destroy helps you achieve you the following

Create a recurring deletion process
Create a single deletion process based on your specific needs.
Create multiple deletion processes based on your specific needs.
A Happy Data Protection Officer ;-)

Examples

How to set a default retention period of 12 months

Setting up a default retention plan is the most common use case for GDPR: Search & Destroy.
You can set this up by following these 3 steps.

Create query/task: solved<1years status:closed
Select action: Delete ticket & delete ticket requester
Make sure that Recurring is checked when you process the task

Customer requests to delete all his data

In case you have the need to delete all your data you can use the following query & action.

Query: updated>"(starting date Zendesk)"updated<"(current date)"
Action: Delete requester & delete tickets
Select: Permanently delete

Important note

Zendesk's API has certain limitations. It is possible that your search query does not lead to any results even though your query is correct. When this happens, we advise to insert queries in batches per year.

An example can look like this.

updated>"2021-01-01"updated<"2021-12-31"

updated>"2020-01-01"updated<"2020-12-31"

Delete every user that hasn't requested a ticket over 3 years

Create query/task: created<3years
Select action: Delete ticket & delete ticket requester
- This will ensure that the ticket requester is not deleted if the ticket requester has created a ticket within the last year.
Make sure that Recurring is checked when you process the task

Easily delete tickets with a specific keyword or tag

If you are GDPR compliant you need to have a clear process in place on when and how to delete your clients data.

Article 17 of the GDPR - " Right to erasure" is a good example of needing this process to be in place.

Every once in a while you get the request from a client to delete their data. In practice this can be a painful process for the data controller. In some cases it means having to manually delete the clients data in many tools. Click here for the full article

Introduction

The GDPR: Search & Destroy app serves 1 purpose; custom deletion of users & tickets. It is possible to execute a 1 time deletion process or set-up a recurring deletion process.

In this introduction you will learn how to use the user-interface.

When opening the app, you immediately have the option to add a task. Creating a task is basically the same as setting up a rule in order to execute a ticket deletion process. You can set up this rule based on your specific needs.

Actions

Under actions you can click on Search Query to create your first task.

You will then be redirected to the page where you can insert your query

The search query functionality works with the same logic, as Zendesk's native search functionality.

Once you have inserted your query you will be able to see the tickets and process the deletion.

You will then be prompted with a screen which will allow you to apply the following settings.

Give your task a name
Select an action
- You have the option between three different deletions.
  
  Delete Ticket
  
  When applied, the ticket will be deleted but the user will remain untouched.
  
  Delete Ticket & Ticket requester
  
  The ticket requester and the ticket will be deleted but only if the ticket requester has 0 other tickets.
  
  Delete Ticket requester & delete tickets.
  
  When applied both all related tickets to the client and the ticket requester will be deleted.
Would you like to set-up a recurring task?
- If you check "Recurring" the task will then automatically saved.
Do you want to permanently delete?
- In practice, when permanently delete is clicked, a hard delete is performed. The data will immediately be deleted.
- When permanently delete is not checked, a soft delete is performed. This means the data will be stored for 30 days on Zendesk servers but will not be accessible for you the end user anymore.

Click confirm in the bottom right corner to execute the deletion process.

Activity

Current Queue

The Current Queue will give you an overview of what is going to be executed in the future or what is currently running.

History

By clicking on the History you can get an overview of everything that has been executed in the past. It might also be beneficial to share this information with your data security officer.

Settings

Tasks

Under Tasks you can have an overview of all your active and inactive tasks. It is also possible to edit or remove an existing task. Also, you have the option to create a new task.

Frequently asked questions

How does GDPR: Search & Destroy run in the background?

The GDPR: Search & Destroy app runs in the background of your Zendesk admin. Please note that it will not work in the background of a Zendesk agent.

How does the app handle large volumes?

The app is tested against 500k tickets, to be deleted by one or more tasks. The time it takes to delete all tickets depends on the load of your account (we have to respect Zendesk's API rate limits).

Single bulk delete
In a production/live Zendesk set-up it took about 2 weeks (non-stop) to delete all tickets and users.

Scheduled delete
Based on the single bulk delete, we've estimated that the app can delete about 35k tickets each 24 hours. That should be more than enough for all you incoming requests.

We offer guidance with your deletion process. Depending on your use-case we may charge an additional fee.

How does the app work without a server?

GDPR: Search & Destroy does not track or pull any data out of your Zendesk environment.

The GDPR: Search & Destroy app will run in the background in the browser of your Zendesk admin(s).
It is good to keep in mind that the Zendesk admin(s) should have Zendesk open for the GDPR: Search & Destroy app to work.

Which data does Sparkly store?

The foundation of our company is that we respect privacy to the fullest extend. We believe that privacy is essential to maintaining human dignity and for managing various forms of interpersonal relationships. As a result, privacy is a necessary foundation for a healthy, vibrant, and functioning society.

We never send any of your Customer' data to Sparkly. For this reason, we do not have a need to store the data. The benefit of this is that you stay GDPR compliant, without needing to adjust your policies. To install the app you are required to have a subscription, therefore we collect the minimum viable information.

The following data is stored by Sparkly

Activation details
Subscription and payment details
Customer service request details

The information is used by Sparkly for

Marketing
Proactive Support
Customer Service
Billing

Is it possible to anonymize data in Zendesk and be GDPR compliant?

It is not possible to anonymize data with GDPR: Search & Destroy. The simple reason for this is that the Zendesk API does not allow anonymization of data.