Many UK firms with a live chat function on their website may not realise that these communications are governed by the GDPR legislation – leaving many open to non-compliance fines and data breaches, warns the leading live chat solutions provider, Click4Assistance.
The live chat software pioneers fear that many organisations simply aren’t aware that any data collected or stored from website-based live chat windows fall under the GDPR remit.
“In order for businesses to achieve GDPR compliance, it’s vital that they understand their role as a data controller. This role carries real responsibilities and we think it’s important that businesses understand GDPR rules and regulations around live chat functions and data,” says Jill Stephens, Account Director at Click4Assistance.
“One of the key elements GDPR has highlighted is the education of data subjects regarding how their information will be used and stored. Failure to meet this obligation could result in large fines and loss of consumer confidence. Website visitors are increasingly security conscious and it’s important that firms habitually examine their internal processes and reconsider agreements when changing providers or renewing contracts. Most importantly, it’s vital to ensure the data collected in live chat messages is used for the purposes originally outlined. Personally identifiable information must not be stored longer than necessary following the live chat communication.”
Click4Assistance provides live chat software to a range of sectors with clients including the University of Liverpool and the NHS. It has a dedicated GDPR resource for live chat, so any business using a live chat function knows exactly how to handle data exchanged during those conversations.
“Sites with a live chat offering should understand that they take on the role of a ‘Data Controller’. With this role comes a mandated responsibility to ensure the security and appropriate handling of data. When it comes to using data gathered during live chat for marketing purposes for example, businesses may require formal consent to do so,” advises Stephens. “This can be achieved with a simple click box or a statement of consent during the chat.”
For firms using a third party data processor, Click4Assistance recommends an in-depth review of the data processing agreement take place in light of GDPR requirements. Alongside this, the 3rd party data processor should have encryption in place when data is both in transit and at rest, biometric and manned security protocols for the storage environment and additional operational security procedures.
Established in the UK at the inception of the Live Chat concept, Click4Assistance was one of the first, ground-breaking providers to introduce live chat for websites.
The company is now one of the market leaders in providing fully customisable messaging solutions that allows businesses to tailor the user experience of visitors entering their website.