GDPR Compliance
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that sets strict guidelines for how personal data is collected, processed, stored, and shared, giving individuals greater control over their data. This article explains how Expertflow complies with the GDPR.
# | Requirement | Compliance | Expertflow CX Compliance |
---|---|---|---|
1 | Data Encryption: Implement strong encryption mechanisms to protect personal data both at rest and in transit. | COMPLIANT | Expertflow CX uses TLS for secure communication. See Data Encryption for details. |
2 | Access controls: Enforce role-based access controls (RBAC) to limit access to personal data only to authorized individuals. | COMPLIANT | Role-based access controls (RBAC) and group-based access controls (GBAC) are implemented in Expertflow CX so that only authorized Agents can access the application. For more details, see Agent Authorization with Agent Desk. |
3 | Anonymization & Pseudonymization | COMPLIANT | To protect users’ personal information, we offer the PII data masking features: |
4 | Audit Logs: Record all actions related to personal data access, modification, and deletion. | NON-COMPLIANT | Centralized audit logging is on the roadmap for 2025. |
5 | Pause-and-resume recording: Allow agents to pause call recordings when discussing sensitive personal data. | NON-COMPLIANT | |
Future Roadmap for GDPR
The following is the list of features related to GDPR compliance that are on our product roadmap.