WhosOn and GDPR compliance

The General Data Protection Regulation (GDPR) is a regulation that gives European citizens more control over their personal data. In a nutshell, it extends protection against data breaches, and imposes uniform rules on how companies handle data.

So, what does GDPR mean for WhosOn customers?

Becoming a data controller

A data controller is a person or organisation that determines what, why, and how data can be collected. When you use WhosOn to collect customer data – whether it’s for a support chat, to update a CRM or for prospect detection purposes – you become a data controller.

On the other end of the spectrum are data subjects. A data subject is an individual who can be identified via the information collected about them. That can include everything from name, to location, to an online identifier such as an IP address. In a nutshell, the people you track and chat to via WhosOn are data subjects.

Personal data acquisition

When you use WhosOn, there are several touchpoints at which you could be acquiring the personal data of EU consumers. Under the new GDPR regulations, businesses must obtain valid consent or another lawful basis to use – and store – this data. They must also have the ability to handle subject access requests.

Consent to the use of any personal consumer data must be freely given, specific, informed and unambiguous. For WhosOn customers, that means you’ll have to tweak your processes to ensure GDPR compliance.

Potential data touchpoints

WhosOn can be used to acquire data in five main ways. These are:

Pre-chat survey forms

You could be using pre-chat survey forms to gather useful information before a chat begins, including key identifying fields such as name and contact details.

Form field capture

WhosOn can be used to capture the data typed into website form fields – even if the user hasn’t clicked the “submit” button to complete the form.

Prospect detection

With WhosOn’s prospect detection features, you could be collecting data on your website visitors including name, location and company.

In-chat data exchanges

You might receive important personal information from the consumer during a live chat session, such as their address or telephone number.

Data population

You might be storing WhosOn customer data in your CRM or database, or using it to populate web or sales reports.

What you can do to comply

There are three simple, straightforward steps you can take to ensure GDPR compliance when using WhosOn. These are:

Ensure you have a comprehensive privacy policy set up

Your privacy policy needs to cover key details such as who you are; how, why, and what kind of data you collect; where data is kept; how the consumer can access or remove it; and procedures for processing data. There are lots of helpful resources online to help you get this right.

Ensure that you get agreement to your privacy policy

If you are relying on “consent” you’ll need to get this from the consumer for any personal data that you acquire via WhosOn (and elsewhere). The easiest way to do this on your website is to add a permission checkbox in pre-chat surveys, web forms or in “Terms of Use” displays.

Ensure your data is stored legally

As a data controller who stores personal consumer data, you are responsible for keeping this data safe. If you use the cloud, choose a high security data centre within an EU-approved country. Any data you store internally should be protected by appropriate means, including but not limited to passwords, firewalls, and encryption.

Useful resources

GDPR compliance: a live chat checklist

What is GDPR, and what does it mean for the live chat market?

GDPR — a business blessing in disguise?


Need GDPR assistance?

We can help you make sure that your use of WhosOn is fully GDPR compliant. We have security and policy experts in-house, and we’re happy to work with you to ensure that your procedures are watertight. Get in touch to enquire about our GDPR services.
