Comply with GDPR (agent's/receptionist's view)

The European Union's General Data Protection Regulative (GDPR) aims to protect users of data-driven systems and services from misuse of their personal data.

GDPR also applies to organizations situated outside the EU, if they process data for or about EU citizens.

Because a Zylinc solution stores and processes phone numbers, e-mail addresses, and other data that can be used to uniquely identify a person, people who use the Zylinc solution are affected by GDPR. That's why, from Zylinc version 6.5, you get a number of features with which you can safely use your Zylinc solution under the GDPR requirements.

If you're an agent, a receptionist, or similar, you may get GDPR-related questions or requests from people. This is a short summary of how your Zylinc solution can help you when you get such questions or requests:

A Zylinc solution only stores data that's needed for daily operations and statistical purposes.

  • When data travels across the internet, the Zylinc solution protects and encrypts the data.

  • When data travels between the Zylinc solution's modules on your organization's network, your organization's supposed to protect it in a secure zone. In the secure zone, the data will typically not be encrypted, because there's no need to encrypt it in a secure environment. It's your organization's responsibility to create, configure, and maintain the secure zone. Ask your Zylinc administrator if you're in doubt.

  • When data rests in the Zylinc solution's databases, your organization's supposed to protect and encrypt it with a method called Transparent Data Encryption. It's your organization's responsibility to use Transparent Data Encryption on the databases. Ask your Zylinc administrator if you're in doubt.

If you get a GDPR-related request from someone, your Zylinc administrator, and other people whom your Zylinc administrator have given the required rights, can help you find, delete, and/or anonymize data that the Zylinc solution stores about people:

Be sure to verify the identity of the person who requests data before you ask your colleagues to find, delete, or anonymize it. Your organization may have formal procedures that you need to follow.

  • If someone wants to know what data you have about them: With GDPR, people have the right to know what data has been collected about them, and how that data is used. In GDPR terms, that's often called the right of access. Your Zylinc administrator, and other people with the necessary rights, can quickly find all data that the Zylinc solution stores about someone, and send a copy of the data to the person who requested it.

  • If someone wants their data to be anonymized or deleted: With GDPR, people have the right to have data that's been collected about them anonymized or deleted. In GDPR terms, that's often called the right to be forgotten. Your Zylinc administrator, and other people with the necessary rights, can quickly find all data that the Zylinc solution stores about someone, and anonymize and/or delete it.

    Because your organization may rely on statistics from the Zylinc solution, it may prefer to anonymize the data that's used for statistics, rather than delete it. When that's the case, all instances of the person's phone numbers and e-mail addresses in the Zylinc statistics database will be replaced with the letters GDPR. That way, your organization can anonymize the data and still use it for statistics.

The ability to find, anonymize, and/or delete data also covers data about former employees and custom users. Custom users are people whom agents, receptionists, etc. have added in their Zylinc clients in order to be able to easily view contact data about them, for example the phone number and e-mail address of a physiotherapist that your organization often uses.

Related: Comply with GDPR (administrator's view)