GDPR compliant chatbot

BY Maciej Ciołek
7 months ago

The European Union introduced a new regulation generally known as GDPR. It imposes certain obligations on owners of IT systems that process personal data. In this article, we explain what these duties are and how you can meet them when building a chatbot.

Obligation to instruct the user

The basic duty of any IT system (or chatbot) is to instruct the user about the processing of personal data. A chatbot processes personal data such as the first name, the last name, or any message written by the user. You must provide the user with a document, known as the Privacy Policy, that explains the policy behind data protection and data usage. The user does not have to give consent; all you need to do is display the message and allow the user to go further, for example by displaying the button "next".

Regulations for IT specific services

A chatbot is an electronic service which, according to the law, should have its own regulations. Users of the chatbot should have these terms and conditions presented for review at the start of the conversation. As with the instruction, no explicit consent is required here; we are only obliged to display this information and the document.

Acquiring marketing consents

If your chatbot is going to contact users in order to present them with a commercial or marketing offer, they should legally agree to this by giving you their consent. Here the situation differs from the previous cases: displaying the information is not enough. According to the regulations, the user always has the right to give explicit consent, i.e. to answer "Yes" or "No" to the consent request, and, moreover, the choice cannot be selected by default.

Acquiring consent for profiling

The user leaves a lot of information about himself or herself while interacting with the chatbot. Over long-term communication with the user, we learn what they like, what their budget is, how many children they have, or where they want to go on holiday. In other words, we are building a customer profile. There is nothing wrong with building the profile, and we can do it up to the point where we use this information, for example to adjust the content. This process is called profiling, and according to GDPR we should get the user's approval for it. As with marketing consent, the user must deliberately express consent by clicking e.g. "Yes" or "No".

How Chatbotize supports GDPR

On the Chatbotize platform there is a "GDPR Support" plugin that allows you to:

  • display the GDPR instruction
  • view the terms of service
  • collect consent for marketing
  • collect consents for profiling

The GDPR instruction and the service regulations are always displayed at the beginning of the conversation, while the marketing consent request is sent 4 hours after the user's last contact with the chatbot, and the profiling consent request 8 hours after the user's last contact with the chatbot.
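The flow described above can be modelled as a small consent tracker. This is an added sketch, not Chatbotize's code: the class, field and function names are hypothetical, and the audit list and the rule that consent prompts wait until the instruction has been shown are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Delays from the article: marketing prompt 4 h, profiling prompt 8 h
# after the user's last contact with the chatbot.
PROMPT_DELAY = {"marketing": timedelta(hours=4),
                "profiling": timedelta(hours=8)}


@dataclass
class UserConsent:
    last_contact: datetime
    instruction_shown: bool = False  # privacy notice + regulations displayed
    # None means "never answered": there is deliberately no default choice.
    answers: dict = field(
        default_factory=lambda: {"marketing": None, "profiling": None})
    audit: list = field(default_factory=list)  # assumption: keep evidence

    def record_answer(self, purpose: str, button: str, when: datetime) -> None:
        """Store an explicit button click; anything else is rejected."""
        if purpose not in self.answers:
            raise ValueError(f"unknown purpose: {purpose}")
        if button not in ("Yes", "No"):
            raise ValueError("consent requires an explicit Yes/No click")
        self.answers[purpose] = (button == "Yes")
        self.audit.append((when.isoformat(), purpose, button))

    def due_prompts(self, now: datetime) -> list:
        """Purposes whose consent prompt should be sent at time `now`."""
        if not self.instruction_shown:
            return []
        idle = now - self.last_contact
        return [p for p, delay in PROMPT_DELAY.items()
                if self.answers[p] is None and idle >= delay]

    def allowed(self, purpose: str) -> bool:
        """Only a recorded 'Yes' permits processing for this purpose."""
        return self.answers[purpose] is True


if __name__ == "__main__":
    t0 = datetime(2018, 6, 1, 9, 0)  # constructed sample timestamp
    user = UserConsent(last_contact=t0, instruction_shown=True)
    print(user.due_prompts(t0 + timedelta(hours=5)))
    user.record_answer("marketing", "Yes", t0 + timedelta(hours=5))
    print(user.allowed("marketing"), user.allowed("profiling"))
```

An unanswered prompt leaves the stored value at `None`, so `allowed()` stays false until the user clicks "Yes".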

The type of data collected depends on the configuration of the plugin, as presented in the next section.

How to configure the GDPR plugin?

Start by installing the GDPR Support plugin. The plugin consists of 3 independent parts: Instruction (the GDPR instruction and regulations), Marketing (collection of consents for marketing), and Profiling (collection of consents for profiling).

Chatbotize provides sample content for the privacy policy documents and chatbot regulations. If you are a customer, please contact us to get access to them.

Configuration of instructions

  1. In the Instruction tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In "Welcome message", enter a welcome message, for example:

"Hi, I have prepared for you many interesting activities!"

  3. In the "Privacy Policy text" field, inform the user in a friendly way about the GDPR obligation, e.g.:

"To be able to talk to you I need to first inform you about the new regulations that allow me to process your personal information on the following topic…"

  4. In the "Button caption" field, enter the name of the privacy policy document, e.g. "Privacy Notice".
  5. In the "Document URL" field, insert a link to the privacy policy document.
  6. In the "Chatbot Regulation text" field, place a text informing the user about the regulations of the service, e.g.:

"Below are the Regulations. Please read these documents. You can also find them in the chatbot settings at any time."

  7. In the following fields, place the name of the document, e.g. "Chatbot Regulations", and a link to this document.

  8. At the very end, in the "Move forward message" field, write a message encouraging the user to continue the conversation with the chatbot, e.g.:

"This is all, click below to continue" and the content of the button, e.g. "Next!"

Configuration of marketing consent

  1. In the Marketing tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In the "Welcome message" field, enter polite content that encourages the user's consent, e.g.:

"To let you receive notifications, I need your consent. If you agree, I will send you interesting information about the offer, competitions, promotions, etc. For more information, please see Information about Privacy."

  3. In the next fields, place the privacy policy link as in the case of Instruction.
  4. In the "Text" field, enter the full text of the consent, e.g.:

"I agree to receive commercial information regarding the offer from ... in the chatbot, including the processing of my personal data for this purpose."

  5. At the very end, configure the content of the consent buttons, e.g. "Yes" and "No".

Configuration of profiling consent

  1. In the Profiling tab, start by enabling the process by moving "Process enabled" to the enabled position.
  2. In the "Welcome message" field, enter polite content that encourages the user's consent, e.g.:

"The chatbot you are speaking with uses technology to personalise content. I need your consent to be able to send you personalised offers, promotions, etc. For more information, please see Information about Privacy."

  3. In the next fields, place the privacy policy link as in the case of Instruction.
  4. In the "Text" field, enter the full text of the consent, e.g.:

"I agree to profiling, i.e. the processing of my personal data by ... involving automatic analysis of my chatbot interactions in order to present content tailored to my preferences."

  5. At the very end, configure the content of the consent buttons, e.g. "Yes" and "No".