Short answer is 'yes'.
More detailed answer:
QuickHelp will be GDPR compliant by the May 25th, 2018 deadline.
Privacy by Design
Privacy by Design ensures that companies, like BrainStorm, consider data privacy during all design stages of projects, giving EU users power over their own data.
- End Users in the EU are required to accept Terms and Conditions, which discloses the data QuickHelp collects, and how it will be used.
- End Users in the EU are required to opt-in to receive emails from QuickHelp, rather than the standard opt-out.
Right to Be Forgotten
With the right to be forgotten, EU users can have their personal data deleted if they no longer desire it stored by a 3rd party such as QuickHelp.
- End Users in the EU can request that QuickHelp permanently delete all of their data.
- The only data kept in QuickHelp is the username, the date/time the request was made, and the date/time the information was removed, to confirm that the request was honored.
- All QuickHelp data will be removed within 72-hours of the request.
- Any organizational QuickHelp Admin with User Administrator permissions will receive an email notification when an end user from their organization requests to be forgotten.
- End Users in the EU can change their mind (72 hours after requesting their data be removed) and can create a new account via Single Sign-On (SSO) or self-provisioning. This will truly be a new account, and no historical data will be preserved.
- If your organization uses Microsoft Graph to sync your user base with QuickHelp, users who have requested to be forgotten will not be re-imported.
Portability and Access
Portability and Access grants EU users the ability to obtain their personal data.
- End Users in the EU can request their QuickHelp usage data.
- Includes, but is not limited to, Viewed Assets, Events Attended, Assignments, Content Shared with the user, Assessment questions and answers, etc.
- End Users in the EU will receive a link to this data via email within 72 hours of their request.
- If the end user receives the aforementioned email sooner, they must wait the full 72 hours before requesting the data again.