What is GDPR? What does it mean for the live chat market?


The General Data Protection Regulation (GDPR) is currently the hottest business topic in Europe.

Hailed as the biggest legal change of the digital age, GDPR is a sweeping new regulation that extends the protection of EU citizen personal data.

Companies will be held to strict, uniform rules on how they handle personal data, and face severe penalties if they fail to comply.

But what is GDPR? In this article, Howard Williams, marketing director at Parker Software explores the GDPR and its impact on the live chat market.

Out with the old, in with the new

The Data Protection Act 1998, enacted following the 1995 EU Data Protection Directive, is the legislation that will be superseded by GDPR. Crucially, its replacement means that businesses will need opted-in permission from consumers to use their data, as opposed to the current opt-out model.

The changes are systematic and far-reaching. Companies must ensure that personal data is processed lawfully and consensually, in a transparent manner, and for a specific purpose. Once that purpose is fulfilled, the data should be deleted.

For consumers, these new regulations give back control over use of their personal data. For businesses, they cause sweeping policy changes – and live chat is a key channel affected by the upheaval.

It’s easy to forget just how much data is acquired through live chat. As well as its core chat functionality, live chat software typically comes with inbuilt tracking and web analytics. With a chat solution installed, companies can uncover real-time data on customers and prospects – even without a session being launched.

So, how much data acquisition are we talking here?

Before, during and after a chat session

A more advanced live chat solution such as WhosOn can be used to identify key visitor detail such as location, IP address and company. If the visitor is a return visitor, the software can also recognise the consumer and retrieve any historical information acquired.

Additionally, the technology can be used to capture data the visitor types into a website form field, typically including fields such as name, email, and address. Importantly, it can capture any letters typed even if the user has not clicked a “submit” button to complete.

During the chat, there may be a necessary exchange of personal data. For example, the chat operator may need to take further details to help with a query or request, such as an address or telephone number.

Ordinarily, companies who use live chat software on their websites integrate the technology with their CRM or database.  The data gathered both before and during the chat can be used to automatically add or update entries, keeping a constant loop between website and customer records.

The implications for companies using chat

Under new GDPR legislation, companies who use live chat software to collect customer data are classed as “data controllers”. Simply, a data controller is an individual or organisation that determines what, why, and how data can be collected.

The consumers tracked and chatted to via live chat software are classed as “data subjects”. This term refers to an individual who can be directly or indirectly identified via the information collected about them.

Businesses, then, are under new obligations to work within a clear data protection framework, and handle data legally and in compliance.

The changes ahead

There are three main steps companies can take to ensure GDPR compliance when using live chat software. In the first instance, businesses will need to ensure they have a comprehensive privacy policy set up – one that covers key details such as who you are; how, why, and what kind of data you collect; where data is kept; how the consumer can access or remove it; and procedures for processing data.

Next, it is vital to get agreement to this privacy policy. Consent is a cornerstone of new GDPR rules, and companies need to obtain it (or other legal basis) for any personal consumer data they acquire. Online, the most practical way to do this is via permission checkbox in pre-chat surveys, web forms or in “Terms of Use” displays.

Last, companies must ensure the data they obtain legally is also stored legally. For cloud users, this means keeping data safe within a high security data centre located in an EU-approved country. For data stored on-premise, protection should be ensured by appropriate means such as passwords, firewalls, and encryption.

Does this limit live chat software?

GDPR is far from the data bogeyman it is often depicted as. GDPR is a significant step towards a digital single market, and businesses will be able to benefit from the opportunities this opens, as well as reinforced consumer trust.

Customers still rely on chat for sales and support queries. They are aware that they need to provide consensual data to receive specific customer service. What GDPR does is to put the consumer firmly in control and allow them to take affirmative action with regards to their data, rather than being unsure of how, why, or where it is being used.

For the live chat market, this means a sustained future of security, clarity, and consumer trust.