Whether you’re a business owner or consumer, you’ve probably – well, unless you’ve been living under a rock! – heard about the introduction of new legislation called GDPR (General Data Protection Regulation). What you may not know, however, beyond a deluge of emails from companies in your inbox asking to stay in touch, is what it means for you.
In this post we want to share with you a few updates and changes within our product that can help you become compliant as a data controller and take responsibility for the data of your end users, as well as what GDPR (aka DSGVO) means for business owners and their customers.
But before we get to that, a quick disclaimer: none of the below (or any other communication with us, for that matter) constitutes legal advice. Use your best judgement, and consult directly with the relevant authorities and/or legal advisers whenever possible.
Now that small print is out of the way, let’s get started…
What exactly IS GDPR?
It’s a new piece of EU legislation that regulates how the personal information of European Union residents must be treated. Replacing the 1995 Data Protection Directive, it sets minimum standards for how data must be processed within the EU.
Specifically, it makes a number of changes to existing law that you’ll want to know about:
- GDPR strengthens the rights of individuals, who will gain the power to demand that companies show them any data that they hold about them
- They’ll also be entitled to demand that companies delete some or all of that information at their request
- Regulators will be given more power to work across Europe, rather than taking action in individual countries
- Maximum fines for breaking the rules will now hit €20m (£17.5m), or 4% of the offending company’s worldwide turnover
In other words? Privacy just became a very big deal to every company currently operating in Europe!
Chatra and the GDPR
As a company dealing with personal information provided by both our own customers AND their end users, we’ve always taken privacy very seriously. In fact, we’ve already published information about the actions we’ve taken to become compliant as a data processor.
In a nutshell, those changes included a close examination of our business and technological processes, putting a DPA (which you’re not required to sign) in place and updating our ToS and Privacy Policy. Below, you’ll find information about what we consider to be some of the most pertinent issues concerning GDPR as it relates to Chatra and how you use it:
1. IP addresses
By default, Chatra doesn’t reveal a visitor’s IP address. If you need to access it for security reasons, just check the “Show Visitor’s IP” box in the settings area.
2. Pre-chat form
It’s up to you to decide whether or not you want to ask your visitors to introduce themselves and collect their name, email and/or phone number.
We’ve added a new checkbox to our form that can be used to collect consent for newsletter subscription. When a visitor fills in the form, their consent, with exact wording, will be recorded in the conversation history in Chatra to help you comply with GDPR record-keeping requirements.
You can still collect personal information (including emails) from those who don’t grant you consent for marketing purposes, but you can clearly separate or exclude them when exporting email address lists of users you’ve chatted with. If someone hasn’t granted you their consent for marketing purposes, then you definitely should NOT send them promotional material because you risk heavy fines.
“So why allow me to export ‘non-consenter’ email addresses at all?” you might ask. The answer is that, even though someone hasn’t granted you permission to send them marketing material, you might need to follow up with users on a specific issue by email. Our new export tool will allow you to do that more easily and safely.
3. Terms of Service
It’s very likely that you’ll be making changes or additions to your Terms of Service/Terms and Conditions. In many cases, you’ll want to have some concrete evidence that your user has seen, and agrees with, those new Terms.
In our pre-chat form you can also request that users (or “data subjects”, to use the language of GDPR) agree to your Terms of Service before initiating a chat. Alternatively, you can use this checkbox to collect data processing consent that’s in line with your business agenda.
Note that if you don’t use a pre-chat form to collect personal info and/or consent, you can always ask for it in the chat itself. You might want to create a saved reply template if you intend to use this feature regularly, or want to create long/elaborate consent requests to cover your back just in case of any future complaints.
4. Right to access/modify/delete personal information
The GDPR grants data subjects, i.e. your customers, the right to know what information you hold about them. It took us a while, but we worked day and night to implement a Search feature in Chatra that lets you do just that – you can use it to find all the relevant information in any conversations you have through Chatra.
Once you’ve found what you’re looking for you can modify, share or delete specific information piece by piece or get rid of the entire conversation. We should also point out that, if you decide to close your Chatra account, we will destroy all data belonging to you AND your customers within a reasonable timeframe that aligns with GDPR regulations.
We want to emphasise again that we’re fully aware of the sensitive nature of our business, which involves processing a huge amount of personal information, and we have always been mindful of that during the development and deployment of Chatra.
A lot of our existing processes were already compliant with new rules and regulations now being put into place, even before the GDPR appeared on the scene. We hope, however, that the new tools and features we’ve released will make it easier for you to become compliant as well.
If you have any questions or concerns about Chatra and the GDPR, feel free to send us a message!