GDPR compliance: a live chat checklist

GDPR compliance is demanded of all businesses handling EU citizens’ data by 25 May 2018. For companies across every industry, the paradigm of data privacy has changed fundamentally. Under GDPR, companies must follow uniform rules on how personal data is processed or face severe penalties. Here, live chat specialist, Parker Software, has complied an actionable checklist for live chat customers. Tick off these six straightforward steps to start your journey to GDPR compliance.

These changes extend into live chat software. Every company using chat technology as a communication channel must prepare to adapt their dealings with consumer data – which can be a daunting procedure.

1. Raise internal awareness

The first step is as obvious as it is important. You’ll need to get the right teams involved to ensure GDPR compliance when using live chat software – from marketing to IT to customer service. So, get the GDPR conversations started and make sure the right people are aware of its implications.

It’s also worthwhile to speak to your live chat provider at this early stage. Find out what options they can offer to help you with GDPR compliance, such as encryptions, installable deployments or secure EU cloud hosting. The earlier you prepare, the better placed you’ll be.

2. Audit your live chat usage

Start documenting the data that flows through your chat channel. It’s important to detail all possible touchpoints, including how, where and why you obtain data, how you hold it, who you share it with, and how you store it.

Bear in mind that live chat doesn’t begin and end with a chat session. Doubtless, you’ll also be using the software for tracking and web analytics purposes, as well as for populating a CRM or database. All this involves a stream of consumer data, and it will need documenting at every stage.

3. Update your privacy policy

Next, justify and describe every purpose of usage of the personal data collected using live chat software. A cookie box won’t cut it anymore. You must obtain consent or have valid legal basis for each purpose, and list it clearly within a comprehensive privacy policy.

Your privacy policy needs to include key points such as: who you are; how, why, and what kind of data you collect; where and how you store data; how the consumer can access or remove their data; and your data processing procedures. Be sure to place this where it’s visible and accessible.

4. Allow consumers to take affirmative action

Consumer consent is a cornerstone of GDPR compliance. Under the new regulations, consent must be freely given, specific, informed and unambiguous in order to meet GDPR requirements. Web visitors and chat users, then, must be able to take affirmative action to signify permission.

This “affirmative” action can come in the form of a checkbox placed in a pre-chat survey, a technical setting in a browser or chat window, an in-chat statement, or an opt-in button in a “Terms of Use” display upon site entry. Either way, it must be unambiguous and the user’s free choice.

5. Commit to transparency

Live chat software is all about clear, upfront communication. Fortunately, that’s also a key aspect of GDPR compliance. You need to be clear, frank, and comprehensible in your communications with consumers regarding their data.

So, tell users what data you need, and why you need it. Let them know where it is stored. Give them an easy way to change their mind and opt-out at any time. In short, respect the consumer’s rights, and don’t withhold information.

6. Ensure your data is stored securely

You acquire constant data through live chat software. It’s your duty to store that data safely and legally. If you use cloud-based live chat software, be sure that your cloud provider is based in an EU-approved country, with high-security data centres.

If you use an installable live chat solution, you must take internal security measures. This can include – but is not limited to – passwords protection, firewalls, and encryption. Remember: you must take satisfactory security steps to ensure the confidentiality, integrity, availability and resilience of processing systems and services.

While you’re completing this checklist, remember that GDPR compliance is an opportunity, not an onus. With open, consensual procedures in place, you can benefit from a better quality of data from more informed, invested users.