The General Data Protection Regulation (GDPR) is a regulation that gives European citizens more control over their personal data. In a nutshell, it extends protection against data breaches, and imposes uniform rules on how companies handle data.
So, what does GDPR mean for WhosOn customers?
Becoming a data controller
A data controller is a person or organisation that determines what, why, and how data can be collected. When you use WhosOn to collect customer data – whether it’s for a support chat, to update a CRM or for prospect detection purposes – you become a data controller.
On the other end of the spectrum are data subjects. A data subject is an individual who can be identified via the information collected about them. That can include everything from name, to location, to an online identifier such as an IP address. In a nutshell, the people you track and chat to via WhosOn are data subjects.
Personal data acquisition
When you use WhosOn, there are several touchpoints at which you could be acquiring the personal data of EU consumers. Under the new GDPR regulations, businesses must obtain valid consent or another lawful basis to use – and store – this data. They must also have the ability to handle subject access requests.
Consent for any personal consumer data must be freely given, specific, informed and unambiguous. For WhosOn customers, that means you’ll have to tweak your processes to ensure GDPR compliance.
Potential data touchpoints
WhosOn can be used to acquire data in five main ways. These are:
You could be using pre-chat survey forms to gather useful information before a chat begins, including key identifying fields such as name and contact details.
WhosOn can be used to capture the data typed into website form fields – even if the user hasn’t clicked the “submit” button to complete the form.
With WhosOn’s prospect detection features, you could be collecting data on your website visitors including name, location and company.
You might receive important personal information from the consumer during a live chat session, such as their address or telephone number.
You might be storing WhosOn customer data in your CRM or database, or using it to populate web or sales reports.
What you can do to comply
There are three simple, straightforward steps you can take to ensure GDPR compliance when using WhosOn. These are:
As a data controller who stores personal consumer data, you are responsible for keeping this data safe. If you use the cloud, choose a high security data centre within an EU-approved country. Any data you store internally should be protected by appropriate means, including but not limited to passwords, firewalls, and encryption.
Need GDPR assistance?
We can help you make sure that your use of WhosOn is fully GDPR compliant. We have security and policy experts in-house, and we’re happy to work with you to ensure that your procedures are watertight. Get in touch to enquire about our GDPR services.