24 TOPDESK MAGAZINE - MARCH 2016

Patrick Mackaaij
… is a marketeer at team Worcade.

HANDLING YOUR
CUSTOMER’S PERSONAL
DATA WITH CARE
You might use TOPdesk to process personal data such as name, email address and login
data. Depending on how you make use of TOPdesk, this can include sensitive information.
It is therefore required that your TOPdesk is secured properly. You can do this with good
login settings, HTTPS, setting up permissions and filters and by limiting export options.

Data Protection Law and data breach notification

Moreover, the DPA was recently extended with guidelines on ‘data

Personal data is data that can be uniquely retraced to an individual. A

breach notification’. These guidelines obligate organizations to report

full name, email address or login data are some examples. These data

lost personal data or the (possible) unlawful processing of this data.

can most likely be found on a person card in TOPdesk.
In December 2007, the Dutch Data Protection Authority (DPA)

When you work with personal data of a sensitive nature, you do not
only have to directly notify the authority in case of a data leak. You also

already wrote that they expect you to secure personal data sent via

need to notify the parties involved because the data leak could have

public internet connections in their article ‘Publication of personal data

negative effects on their personal life.

on the internet’. “Ensure that data transfer is secure by means of the

Whether you record sensitive personal data strongly depends on

SSL protocol,” is a literal statement in the article, which you can read

the application of your TOPdesk. Does your HR department work with

here: http://bit.ly/1L28EJe.

TOPdesk? If so, it’s likely that you have this data on person cards or in

In 2012, the EU also proposed a comprehensive reform of data
protection rules. This resulted in a General Data Protection Regulation,
which, from 2016, can impose fines of up to 4% in case of data breach.

calls. Do you use TOPdesk to support groups of vulnerable people? You
then also process sensitive data.

WORKING SMARTER

Image 1. Padlock icon in the address bar

Accessing TOPdesk via HTTPS?
Many TOPdesk environments are connected to the internet so callers

It is not always clear how the traffic is carried between the caller’s/

and operators worldwide can work with each other. In practice this

operator’s computer and TOPdesk. That is why it’s important to secure

means working from home or using TOPdesk to support consumers or

this connection. It is expected that web browsers will soon warn users

other organizations.

about websites without HTTPS. The warning shown to these visitors

Do you have TOPdesk SaaS? We have already ensured that you access
TOPdesk via HTTPS.
Do you have TOPdesk on-premises? You can easily check whether

will resemble the one shown when the HTTPS of websites is
not correct (anymore). For instance, the certificate might be expired.
I would personally secure TOPdesk on your internal network to

you access your environment via HTTPS. Open your web browser

make sure you do not forget this when you make TOPdesk available via

and navigate to TOPdesk. If the connection is secured you will see a

internet later on.

pictogram of a padlock in your address bar.

HTTPS, TLS and SSL

Your TOPdesk on HTTPS, no problem!
Is your TOPdesk environment not available via HTTPS yet? Please

HTTPS, TLS and SSL are related concepts that are often used

contact your TOPdesk application manager. The manager can check

interchangeably. This is not a problem when it comes to the goal

whether a certificate is available within the organization.

of websites.
Websites can be accessed via the HTTP protocol. The ‘S’ in HTTPS

When there is no certificate available, you can get one plus the
required digital signature within a couple of minutes. Certificate

stands for secure. HTTPS is possible if the websites can be accessed via

supplier Comodo offers free certificates for a ninety-day trial period.

SSL or TS (SSL’s successor). SSL/TS is a technical foundation that can be

You can extend this period afterwards and periodically.

used for a protocol to erase email messages, for example.

We have recently updated our HTTPS documentation, using Comodo
as an example. With this documentation you can install your first

SSL/TLS looks after:

certificate on TOPdesk within half an hour. Read more about this on our

Authentication: an authority uses a certificate to ensure

website: http://bit.ly/TOPdeskHTTPS.

communication with the correct party.

The ninety days provide sufficient time to request a certificate for

Data integrity: messages have control numbers so no one can change

which Comodo performs more checks. An example is the extended

the data unnoticed.

validation of your organization where your web browser shows a green

Encryption: the data is encrypted so no one can listen to them.

bar to visitors on your website.

26 TOPDESK MAGAZINE - MARCH 2016

Editorial
Download this issue and more at
www.scribd.com/TOPdesk

Functional security measures

The TOPdesk Magazine covers subjects that
are topical in the world of professional

There is a data breach when personal data was lost during a security

service desks in IT, facilities and other

incident, or when you cannot reasonably exclude the unlawful

service providing organizations. TOPdesk

processing of personal data. A security incident could be a lost USB,

Magazine is intended for managers, service

theft of a laptop or a hacker attack.

desk employees, facilities organizations and

In the December 2014 issue of TOPdesk Magazine I listed technical

electronic city councils — anyone who is

measures aimed at logging on and keeping your software up-to-date.

involved with supporting clients on a daily

You can read ‘Protecting your TOPdesk environment’ on our scribd page:

basis. This concerns both the processes and

bit.ly/1TOrqX2.

the technology behind these services.

You can also use functional settings to prevent people from getting
access to or changing data. Besides setting up access permissions

TOPdesk Magazine is a TOPdesk publication,

on all cards of a specific type, you can also create filters in TOPdesk.

+44 (0) 207 803 4200, editorial@topdesk.com

Via Modules > Supporting Files you can create branch, category and
operator filters that provide operators with access to only a subset

Editors-in-chief: Milou Snaterse, Nicola

of cards.

van de Velde

Instead of using the operator’s filter to provide suppliers direct

Editors: Nicola van de Velde

access to your TOPdesk environment, you can communicate more

Translators: Laura van Rosenberg, Nicola van

safely and efficiently via supplier platform Worcade. See http://bit.ly/

de Velde

tdm-worcade for more information.

Contributors: Renske van der Heide, Ad Huige,

Finally, from TOPdesk 5.7 on you can avoid the export of lists (such as

Fiona IJkema, Patrick Mackaaij, Wolter Smit

customer and person cards) by taking away this permission from the

Layout: Denise van Rijst

operator via Modules > Supporting Files > Permission Groups > General

Illustration: Frank van Klink

> Export lists.

Photography: Aad Hoogendoorn, Menno van
der Bijl
Copy editor: Nicola van de Velde
A print run of 10,000
Quarterly magazine
Languages: Dutch, English
Copyright © 2016 TOPdesk. Although this
publication has been produced with the
utmost care and attention, the writers
cannot be held responsible in any way for any
damages that may occur due to errors and /
or deficiencies in this publication.