Who Does GDPR Affect?
The GDPR applies to 'controllers' and 'processors' of data. As a live chat software provider, Click4Assistance is a data processor; our customers maintain ownership of their data and are the data controller. Both controllers and processors are responsible for ensuring the security and appropriate handling of data. An individual whose data is collected and processed is referred to as a data subject.
What Do We Need to Do?
Under the right to be informed, online visitors should have a full understanding of how their data is processed and why the organisation requires it. The easiest way to provide this information is to include a clear and concise statement regarding your organisation's data processing within your privacy policy. This should also explain how a data subject can withdraw consent. As part of your GDPR audit, it is likely you will have to make alterations to your privacy policy to include this information. You should also include information regarding the data that may be collected using your web chat software solution.
Why Do We Need Consent?
Where you use people's data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing, 'legitimate interests' is the lawful basis for processing. Therefore, if you are collecting data during a chat for the purposes of that enquiry or interaction, it is unlikely you would need formal consent. However, if you intend to share or use the data for marketing purposes, for example, you may need formal consent from the data subject. This can be achieved by adding a check box to the prechat form or receiving a statement of consent during the chat. Access to services such as chat should not be reliant on giving consent without good reason.
How Does Click4Assistance Ensure Compliance?
The solution is developed and hosted within the UK on Click4Assistance-owned servers, and any data processed or stored is never transferred outside of the UK. We work with police forces, local authorities and NHS organisations; security by design is intrinsic within the solution and represented within our security policies. Flexible customisation allows check boxes and additional information (including links to privacy policies) to be easily included within the visitor-facing windows. Functionality within the software also enables compliance with the rights and regulations required. Below we touch on some of the rights and how these are easily fulfilled within the software.
- Right to be informed - As discussed above, this can be addressed within the privacy policy, and a link to the policy can be included within the chat window.
- Right to access/to data portability - Consumers can request their personal data and supplementary information. Administrators (permissions allowing) can search stored data within the software using a variety of filters to identify the relevant record and export it in readable formats (PDF, Excel, CSV) or email it directly to the data subject.
- Right to erasure/to be forgotten - An individual can request their data to be deleted. Administrators can search stored data using a variety of filters to identify and delete records (permissions allowing).
This information has been designed to provide an overview of some of the key aspects regarding GDPR. Please feel free to contact our team by phone or email, or start a chat, if you have any questions or require further information.