GDPR consent to processing for support contacts created via email

Highlighted
Champion Moderator

GDPR consent to processing for support contacts created via email

For GDPR, I'm reviewing all the ways that records are created in our systems and how we request and record consent to processing. I've come up with an edge case that I can't figure out! If someone emails support@[my company's domain], it creates a support case, and if the person is not in Salesforce, it will automatically create a Contact. We use Salesforce Communities as our support platform, but this is similar in Zendesk, etc.

There's no way to check if the person is in the EU and if so to obtain consent to processing before we actually process them! The majority of these people are trial or paid users, so are covered under their organization's MSA, but it's possible for someone who is not a user to contact support this way and have a Contact created. What do we do in this case!?!

3 REPLIES 3
Highlighted
Anonymous
Not applicable

Re: GDPR consent to processing for support contacts created via email

Hi Amy,

Without seeing the process, a couple of high-level suggestions:

  • Add verbiage both to the support request process and possibly the privacy policy so people understand that this process will create a record in your databases.
  • Also add verbiage so that people understand that they can always choose to remove themselves from your database. You'll also need to ensure you have processes set up to handle this.

Worst case scenario, checking with a legal resource should help!

Best,

Mariah

Highlighted
Champion Moderator

Re: GDPR consent to processing for support contacts created via email

Oh I like that idea about putting language on our support page about what happens when someone emails support@, and a link to the privacy policy.

Highlighted

Re: GDPR consent to processing for support contacts created via email

After adding the language prior to sending the email to support, once the contact is created, send them an email with the details on how they can access their data, opt-out or access you preference center, exercise their right to modification and removal of data. No Marketing promotion in this email, just plain informations and links.

-Greg