What is GDPR, and what does it mean for the live chat market?

The General Data Protection Regulation (GDPR) is the biggest legal change of the digital data age.

GDPR is a sweeping regulation that extends the protection of EU citizen personal data.

Companies are now held to strict, uniform rules on how they handle personal data. Plus, they face severe penalties if they fail to comply.

But what is GDPR? Is it a huge milestone in data protection? An onus on small business?

Across the EU, many companies are still unsure what GDPR really means for them, or what steps they need to take to meet its rules.

In this article, we explore the GDPR and its impact on the live chat market.

Out with the old, in with the new

The Data Protection Act 1998, enacted following the 1995 EU Data Protection Directive, is the legislation superseded by GDPR. Crucially, its replacement means that businesses will need opted-in permission from consumers to use their data, as opposed to the current opt-out model.

The changes are systematic and far-reaching. Companies must ensure that they process personal data lawfully and consensually, in a transparent manner, and for a specific purpose. Once that purpose is fulfilled, they should then delete the data.

For consumers, these new regulations give back control over use of their personal data.

For businesses, they cause sweeping policy changes – and live chat is a key channel affected by the upheaval.

Live chat as a data touchpoint

Live chat software is widely acknowledged as a valuable tool for both customer support and for ecommerce. Not only does it allow businesses and consumers to communicate at a click, it also facilitates the instant exchange of information.

It’s easy to forget just how much data is acquired through live chat. As well as its core chat functionality, live chat software typically comes with inbuilt tracking and web analytics.

With a chat solution installed, companies can uncover real-time data on customers and prospects – even without a session being launched.

So, how much data acquisition are we talking here?

Before a chat session

A more advanced live chat solution such as WhosOn can identify key visitor detail such as location, IP address and company. If the visitor is a return visitor, the software can also recognise the consumer and retrieve any historical information acquired.

Additionally, the technology can capture data the visitor types into a website form field (typically including fields such as name, email, and address). Importantly, it can capture any letters typed even if the user has not clicked a “submit” button to complete.

Then, data collection also happens during any pre-chat surveys. Many brands ask a visitor to answer a few identifying questions before they enter a chat session, in order to give personalised service, faster. Again, this will often include fields such as name and email.

During a chat session

Once a website visitor is participating in an active chat session, any existing customer data can be pulled into the chat for reference. This can simply come from the browsing session or from a more detailed CRM integration.

During the chat, there may be a necessary exchange of personal data. For example, the chat operator may need to take further details to help with a query or request, such as an address or telephone number.

In some instances, files may exchange between consumer and operator – an order confirmation, or an electronic bill, perhaps. Once more, these files will frequently contain personal, identifying consumer data.

After a chat session

Ordinarily, companies who use live chat software on their websites integrate the technology with their CRM or database.  They can then use the data gathered both before and during the chat to automatically add or update entries, keeping a constant loop between website and customer records.

It is also common practice to use the data from live chat to populate web or sales reports. Again, this can entail the extraction and usage of consumer data beyond the original website visit or chat session.

The implications for companies using chat

Clearly, a live chat platform collates a wealth of consumer data. In fact, most live chat users will be processing more data than they might have thought. That makes it necessary for businesses using chat technology to evaluate and adjust their processes in line with GDPR.

Under new GDPR legislation, companies who use live chat software to collect customer data are classed as “data controllers”. Simply, a data controller is an individual or organisation that determines the ‘what’, ‘why’, and ‘how’ of data collection.

The consumers tracked and chatted to via live chat software are classed as “data subjects”. This term refers to an individual who can be directly or indirectly identified via the information collected about them.

Businesses, then, are under new obligations to work within a clear data protection framework, and handle data legally and in compliance.

The changes ahead

GDPR compliance affects all business areas; all data touchpoints – not just live chat channels.

Fortunately, there are three main steps companies can take to ensure GDPR compliance when using live chat software.

In the first instance, businesses will need to ensure they have a comprehensive privacy policy set up – one that covers key details such as who you are; how, why, and what kind of data you collect; where you keep it; how the consumer can access or remove it; and procedures for processing data.

Next, it is vital to get agreement to this privacy policy. Consent is a cornerstone of new GDPR rules, and companies need to obtain it (or other legal basis) for any personal consumer data they acquire. Online, the most practical way to do this is via permission checkbox in pre-chat surveys, web forms or in “Terms of Use” displays.

Last, companies must ensure the data they obtain legally is also stored legally. For cloud users, this means keeping data safe within a high security data centre located in an EU-approved country. For data stored on-premise, you can ensure protection by appropriate means such as passwords, firewalls, and encryption.

Does this limit live chat software?

There is much fear around GDPR. Financial penalties of non-compliance aside, there have been claims that the regulations could cripple small business, drain resources, and even make certain types of data acquisition software obsolete.

However, the GDPR is far from a data bogeyman. GDPR is a significant step towards a digital single market, and businesses will be able to benefit from the opportunities this opens, as well as reinforced consumer trust.

Live chat software is going nowhere. Yes, companies will have to adjust some of their processes when operating chat, and yes, there will be repercussions if they fail to comply. That doesn’t stop live chat from being an essential tool for consumers and companies alike.

Customers still rely on chat for sales and support queries. They are aware that they need to provide consensual data to receive specific customer service.

What GDPR does is to put the consumer firmly in control and allow them to take affirmative action with regards to their data, rather than being unsure of how, why, or where it is being used.

For the live chat market, this means a sustained future of security, clarity, and consumer trust.

Useful links