Remote Support and GDPR
Remote Support Software and GDPR
Due to the way in which the GDPR defines the ‘processing’ of data, anything displayed on screen during a remote support session undertaken by one of our technicians is deemed to have been ‘processed’ by us. As the definition of ‘personal’ data is also very broad, our technicians may be exposed to ‘personal' data of some sort during remote support sessions.
In this article
- Under what circumstances do we use Remote Support?
- How do we ensure GDPR compliance when providing Remote Support?
Under what circumstances do we use Remote Support?
Remote support sessions are undertaken following a request for support from a customer. Customers may request support for a number of reasons, including (but not limited to):
- Assistance or advice on best practice or usage of the System
- Training or advice on a specific feature of the System
- Rectifying an error in usage of the System
- Rectifying a bug or fault in the System
- Adapting the system to a change in IT setup within the organisation
Examples of when a remote support session may be necessary include (but aren’t limited to):
- A new user requires visual demonstration of a software feature or process
- An existing user cannot clearly articulate the issue they are experiencing, necessitating further investigation
- A bug or fault in the software requires detailed investigation
The proposed use of remote support software is then clearly explained to the customer, undertaken only with their consent, and always conducted in such a way as would be reasonably expected.
How do we ensure GDPR Compliance when providing Remote Support?
We've implemented the following policies in order to ensure compliance with the GDPR:
- Remote support sessions are never stored or archived
- Remote support session are only undertaken under the direction of the customer and with their consent.
- In line with the practice of data minimisation, our technicians will advise the customer to close all non-relevant windows and programs before connecting and will only access areas of the customer’s system immediately pertinent to the support issue at hand
- Notes maintained in our CRM software contain only information pertinent to the support issue at hand, namely:
- The initials of the support technician who performed the remote support session
- The customer they spoke to
- The support issue that necessitated the remote session
- The steps taken to remedy the support issue
- The conclusion of the remote support session
- Any data (client databases, clocking files, fingerprint templates) obtained by us during the course of a remote support session are deleted by us on conclusion of the support issue. We will only ever collect data directly relevant to the issue at hand.
- Customers can end the remote support session at any time.