22 February 2018
Securing Your Live Chat Integration to Comply with GDPR
The countdown is ticking away until organisations must be fully compliant with the General Data Protection Regulation (GDPR), which takes effect from 25th May 2018.
The regulation will alter how companies use data, looking to modernise data protection in line with the digital age. Many organisations are worried about GDPR; however, the changes can also present a wider opportunity for improving customer service.
How this Affects Customer Engagement
Gaining consent may be necessary, depending on how your organisation intends to use visitor data collected within chat. If the data is being used in a way that the individual would reasonably expect and that has a minimal privacy impact, or where there is a compelling justification for the processing (Legitimate Interests), such as gathering data during a chat for the purposes of that enquiry or interaction, it is unlikely you would need to gain formal consent.
If the data will be shared or used for marketing purposes etc., you may need formal consent from the visitor. We suggest receiving a statement of consent during the chat, or adding a checkbox to the pre-chat form; however, access to chat should not be restricted on the grounds of gaining consent without good reason.
It must be equally easy for visitors to withdraw their consent. This means that if you collect visitors' information during a chat for marketing purposes and they opt out, the activities they signed up for (e.g. receiving a newsletter) must be stopped immediately.
They can also request that all their data is deleted under the right to be forgotten. This means every chat and record associated with them stored within the Click4Assistance solution must be removed. Filters are available within the dashboard windows such as Stored Chats, Visitor Activity and Offline Requests etc. Authorised users who have permission to delete data will be able to use the filters to find any information regarding the visitor and remove it permanently. Anything that is also stored about that individual within CRM systems, email and social media accounts will need to be deleted.
The Click4Assistance solution includes functionality called prospects, which can automatically add lead details into the system when visitors have entered their information on the website. Under GDPR, customers have the right to opt out of automated profiling, therefore the software allows companies using prospects to choose whether they want to add visitor details automatically and/or manually. Adding prospects manually ensures that the visitor has consented to sharing their personal details. However, if they were to remove their consent, the prospects area also contains a filter to find an individual's information, which can be permanently deleted by an authorised user.
Customers can request their personal data, which must be received in a machine-readable format. Reports containing the visitor’s details and interaction information can be sent directly from within the solution to the individual, which can be read in PDF, Excel and CSV formats.
Implications of Non-Compliance
If a business fails to comply, it can face massive fines of 20 million Euros (just under £18 million) or 4% of global turnover, whichever is greater.
If a breach were to occur, the organisation needs to report it within 72 hours to both the customer and the regulator. If multiple customers' data has been breached, 72 hours is a very short amount of time to ensure all the clients affected are fully informed about the incident.
'Experiences' by Click4Assistance has been developed to help prevent breaches; take a look at our tips:
- Set up users with their own unique profile and login details, do not share one between employees
- Do not share passwords
- Change passwords regularly
- For advanced login, use Active Directory
- Set up user types to define access levels and permissions, to ensure users only access the modules they need
- Restrict login access by time and IP
- Regularly review your user profiles to ensure only current employees can log in
- Run the audit report regularly to ensure users are not making unauthorised changes to the account
- When a visitor withdraws consent, use the filters within Stored Chats, Visitor Activity and Prospects to identify any stored details to delete
Click4Assistance takes security very seriously; chats and data are transmitted over HTTPS/SSL using SHA-256-bit encryption and are encrypted at rest. For more information about our security and how we are dealing with GDPR, contact our team on 01268 524628 or email firstname.lastname@example.org for our security documentation.