The countdown to the 25th of May has begun… Is your organisation fully ready for GDPR?
Building chatbots is one of our specialities, and we would like to share some small thoughts about things you need to keep in mind when you want to build your own chatbot and want to be in compliance with this new legislation.
Do we need personal data?
Within chatbots you have different kinds of them.
You have bots that are only giving information (aka QnA bot), where collecting personal data is not necessary at all.
With this kind of bots you shouldn’t have any issues at all, since the bots are very general and are not interested in any personal information.
But the most interesting bots are off course the ones that really help you (personalised bots). For example a bot that will propose delivery address or will recommend a product to you. But for the bot to learn those things, it needs to keep track of your personal data.
So to answer the question: “Do we need personal data?”
It depends from project to project.
How can we be compliant?
The main goal of the GDPR exists out of 3 important rules:
- You cannot store data that can be linked to a unique person without telling them.
- You cannot use the data for any other purpose then for what you told them you will use it for
- You need to be able to remove all the data for that unique person if they ask you to
To make your chatbot (or your organisation) compliant to the new regulation you need to make sure you are in line with following rules:
- Your chatbot and its data needs to be located in Europe (under the assumption you’re a European organisation, like us)
- Your users need to agree with a consent that you can use/store their data
- You need to be able to edit and/or remove personal data when the user asks you
- You need to tell your user how long you will keep track of the data
- Your data needs to be protected.
Let’s make sure your bots are compliant with these new legal obligations, not only for avoiding the fines but also to show respect to your users!
This blog was originally posted here.