26 April 2018
GDPR Advice for Existing Click4Assistance Customers
With GDPR just around the corner, we want to provide you with information to ensure your use of the Click4Assistance live chat on your website remains compliant with data protection regulations, and allow your organisation to continue delivering great service to your online visitors.
There is not long left until the regulation comes into effect. Non-compliance can result in organisations receiving a substantial fine of 20Million Euros or 4 times the global annual turnover. If you haven’t already made amendments, this article shares our suggestions to get your online communication channel ready.
Firstly, if you don’t already have an account we advise migrating to the new enhanced solution ‘Experiences’. The system has been developed in house and is hosted within the UK on Click4Assistance owned servers; therefore we do not transmit any processed or stored data outside of the UK. With your organisation and clients’ data as our priority, we have introduced extra layers of security by design including encrypted data at rest, force strong passwords with expiry and AD integration etc.
Rights and Lawful Basis for Processing.
If you are using the chat data purely for the purpose of the enquiry then consent is not required and will be compliant based on ‘legitimate interest’ which is the lawful basis for processing. However if you intend to use the information gathered for further marketing you may need to gather confirmed consent from your data subject (the visitor).
Flexibility of customisation allows consent checkboxes and additional information such as links to privacy policies to be easily added to the visitor facing windows. If including a checkbox on the prechat form, it should be unticked to allow enquirers to give consent freely and not generally be a precondition of providing the service. However in specific situations, organisations including Citizens Advice Bureau, cannot advise until they have received the visitor’s consent, therefore they may make it part of their validation process.
A checkbox could be added to the dialogue window which data subjects can easily use to consent at any point during the chat session. Alternatively the visitor can simply express their consent as a statement within the transcript. If your organisation uses the post-chat forms to build up your mailing list, the checkbox can be used to record email opt-in from the visitor.
If your company needs consent during a chat, and decides to use a checkbox, the flexibility of the solution allows you add it to the most appropriate window based on need and lawfulness. The system will store that consent has been given against the chat record and can be used as evidence.
Your visitors have the rights for access and to data portability that gives consumers’ the power to request their personal data and supplementary information to use for their own purposes. They also have the right to erasure / to be forgotten which outlines that the individual can request their data to be deleted when there is no compelling reason for continued processing.
Administrators with authorised permissions can easily search stored data using various filters to identify the relevant record(s) within the system. This allows them to export the data in readable formats (pdf, excel, CSV), email it directly to the data subject or delete records.
Click4Assistance Preparation for GDPR
However, in the main Click4Assistance was already compliant with the majority of the new regulations, as the data is all stored securely within the UK and you (as the controller) have access to the archived chats for removal or to enable you to email the transcript if the visitor requests the transcript.
Click4Assistance are not legal experts and can only offer advice based on our knowledge and experience, this shouldn’t replace your legal teams advice. For more information on our company and solution, contact our team on 01268 524628 or email firstname.lastname@example.org.