How do I comply with GDPR and other privacy laws by limiting retention of personal data collected by my chatbot?
Use Gobot to facilitate your compliance with privacy laws, including but not limited to, Europe's privacy regulation GDPR. Complying with global privacy laws can be very complex and costly if you get it wrong. Gobot is the tool you have been waiting for!
In some geographies you are only allowed to hold onto visitor data your bot collects for a limited period. The allowable retention period varies depending on various factors including, in particular, the consent provided by your visitor. If you are in the European Union or catering to European Union customers, GDPR requires under certain circumstances that businesses only retain personal data for as long as reasonably necessary to achieve the original purpose for which the data was volunteered.
So, for example, if your bot is collecting an email to subscribe a visitor to your blog, you can reasonably hold onto the email for as long as you publish your blog and your visitor doesn't opt out. If, however, you are collecting an email to send a one time coupon, your visitor has not authorized you to use the email for anything else and you would be obligated under GDPR to delete it shortly after sending the coupon.
Many marketing tools are not privacy compliant at all in this regard, holding onto all of this data indefinitely, exposing you to serious fines. Other companies go the opposite extreme to reduce your exposure, and simply wipe your valuable bot data indiscriminately after the default retention period expires. These companies wipe your data after a relatively short retention period even if your visitor authorized you to hold onto it! This is because these tools were jerry rigged after GDPR came out, and were not designed with privacy in mind.
Gobot allows you to control how long your bot stores visitor data with precision far beyond other tools on the market.
Gobot's Retention Functionality:
Gobot not only allows you to control what data you collect, it allows you to control to what extent collected data is actually stored and how long. Gobot provides multiple levels of privacy controls. The global retention settings, accessible under Settings, set retention across all of your bots. If you are only using a single bot these are the only retention settings that you might need to adjust. If, however, you have multiple bots you might want to adjust retention settings on a bot-by-bot basis. As detailed below, you can do this by tweaking the retention settings in the Bot Settings page for your individual bots. Bot specific retention settings trump the global settings accessible under Settings.
Global retention settings affecting all bots
Click the gear icon in the nav bar and that will bring you to Settings mode, click Retention Settings under Privacy.
In Settings you can control the global retention settings across all of your bots. You can adjust the retention setting on a region-by-region basis if you so chose, given the variation of privacy laws globally.
You will note that the first retention section above deals with retention of your response data. The second retention section deals with retention of your contact information. For each section, you will note that the default setting is forever but can be modified by clicking on the blue Edit button. You can also set specific rules to refine the retention if you like. For example, you can vary retention by geography, e.g., a different retention for Europe than the US. You can also vary the retention period based on the type of data collected from your visitors. For example, you can arrange to hold onto emails for 180 days but only hold onto telephone numbers for 30 days or any other variation.
Bot specific retention settings (which trump the global settings)
You can also tailor each of your bots' retention settings by accessing the Retention tab under the Bot Settings page (click the Advanced tab to reveal the Retention tab). Any settings in the retention tab will trump global or default retention settings discussed above.
Click on the green Add Rule button to add a bot specific retention for this particular bot, which will trump the global retention rules under Settings. Clicking the green Add Rule button allows you to specific a rule for each field collected as shown below.
By way of example, if your global retention is, say, 180 days but your bot collects emails for the sole purpose of sending a coupon (with no further authorization) then you will want to set your specific bot retention to 1 day to assure that you don't hold onto this personal data any longer than necessary.
DISCLAIMER:
This website is not intended to provide legal advice. You should not rely on this website for such, nor as a recommendation as to a particular legal understanding. Our goal is to provide background information to help you understand how Gobot has addressed some important legal points. This information is not the same as legal advice where a lawyer applies the law to your particular circumstance. Therefore, we suggest that you consult a lawyer to seek assistance in the interpretation of this information including its accuracy.
Copyright 2018, Gobot LLC, All rights reserved.