Home > GDPR Recommended practices

Categories:


(Last Updated On: May 28, 2018)

There’s a lot of information in regards to GDPR out there as this topic is very complex, and it is different for each of our clients. Your company has most likely done extensive research, and perhaps been in touch with legal advisors, on how to handle SnapEngage data and when to delete it.

The following advice should not be taken as the definitive answer on GDPR and we would still advise you to consult with a lawyer or a legal team, as each company needs to know what to do, but it may give you a better understanding on how we are complying with GDPR.

You can add a checkbox and add your privacy policy onto it using the Design Studio on a pre-chat and an offline form. Asking for consent is one of the key objectives of this new regulation. What’s important is to be really transparent with the visitor. You should tell them where the data is going (sharing the address of your company for example). They also need to understand if your agents are in a different country, or what you are doing with the data they are giving you. We recommend that you put your whole privacy policy on the verbiage rather than behind a link. Making the checkbox required will stop the visitor from starting a chat unless consent is given.

Know the legal basis for the data retention, and decide how long you should keep the data for. This may be complicated, and there may be conflicting information, where GDPR asks you that you delete your data after you no longer need it, but you may have other needs in order to comply with accounting or medical requirements as well. We help you with our retention and deletion tools. With these tools, you can choose how long to keep the data for. Everything prior to that will be deleted, but we also offer you the option to delete data on demand, for when visitors request you delete their data. You can search for their data by email, on the logs section, and delete it.

Channels

If you are using communication channels other than web, you also need to determine with them whether they are being compliant or not, and how they are using the data.

Integrations

SnapEngage has some great integrations, which allow you to choose where to send the transcripts once a chat has ended. SnapEngage is processing your visitor’s data on your behalf, and passing it to the destination of your choice, but you need to decide which integration we are passing their data to, which is another data processor, and they also need to be GDPR compliant.

Sneak peek

Sneak peek is a great feature that, if enabled, allows you to see what the visitor is typing, which is great for faster responses, however, you need to understand, that you may not be GDPR compliant when using this feature unless you are very transparent on the privacy policy when the visitor accepts to start the chat. What we recommend here is to ask for explicit consent and explain this feature is on, or turn it off completely from the options tab.

IP address, location and social media lookup

If you state clearly that you are capturing the visitor’s IP address and location, and that you are searching for their public social media profiles, you should be GDPR compliant, however, if you are not stating this, then you should probably disable these options. You will find them in the options tab.

What about proactive chat?

For proactive chats, we are working on a consent workflow, but for the time being, you should assess what to do. One option could be to use a shortcut, where the agent asks for proactive chat visitors for their consent, possibly using the same text as you use on the pre-chat form. However, if you feel like you would rather disable it until we have something in place, then you can do so by going to Settings –> Proactive chat –> and unchecking the box

Did you find this article helpful?

Not HelpfulNeeds WorkSo-soHelpfulVery Helpful (2 votes, average: 5.00 out of 5)
Loading ... Loading ...

Published May 24, 2018