Chatbots and the GDPR – what you need to know!

Chatbot DSGVO Website

The World Wide Web is constantly evolving. One achievement that can no longer be ignored is the introduction of chatbots. Nowadays, you can find them on many corporate websites, as they are valuable helpers in customer communication.

But unfortunately, as is so often the case, there is also a problem here: data protection.

In this article, we will tell you what a chatbot actually is and what you need to pay attention to when using chatbots on your website in compliance with data protection laws.

Attention: This article is not legal advice! We as developers of WordPress plugins and contractors of website projects have dealt intensively with the topic of cookie banners, as it is essential in our daily work. However, we are neither lawyers, nor can we guarantee the completeness, timeliness and accuracy of the following information. In case of doubt, always consult a lawyer.

What is a chatbot?
Chatbot

Hello, how can I help you?

Probably the most popular conversation starter of a chatbot. But what exactly are chatbots anyway?

Before we explain how you can integrate them into your website in a way that is as compliant as possible with the GDPR, it is worth clarifying in advance what a chatbot is.

Chatbots fall into the category of “artificial intelligences” and are therefore in the same league as Apple’s Siri and Amazon’s Alexa voice assistants. The little helpers are able to understand texts and speech and create recognition patterns. Based on this, it is possible for them to provide largely tailored answers to questions.

In addition, most chatbots can be customized with an individual avatar (a graphic representation of a person in the virtual world) to give the bot a human touch.

Chatbots live on information. The more information they collect, the smarter they become. In a way, they are like us humans 😉 Based on the data they collect, they can create extensive patterns, give increasingly specific answers and thus develop into better and better helpers.

Advantages of chatbots

There are a large number of chatbots for WordPress websites alone. No wonder, because they bring numerous advantages.

Short response times for the website visitor

Chatbots on the website are a great complement to live chat. The big difference between the two chat systems is that behind a chatbot is an artificial intelligence. Behind a live chat, on the other hand, is a flesh and blood person.

The disadvantage here is the longer response times, as the employee must first read the problem and classify it correctly. In addition, they have to find a suitable solution. Chatbots can assemble the answer from their knowledge database within a few milliseconds.

This reduces the waiting time for the questioner immensely.

Increasing sales figures

Most of the time, it’s the pre-sale questions that are a problem. These are questions that are asked before the purchase of a product. It can happen that companies do not have the necessary capacities to answer a large number of questions promptly. This in turn can lead to the potential customer bailing out and buying a competitor’s product – which should be avoided.

In most cases, chatbots can help here, as it is already possible to answer many questions with the help of the collected knowledge.

Increasing customer satisfaction

Satisfied customers are known to be loyal customers – and what’s more, they are the best and most cost-effective form of advertising. Therefore, the satisfaction of every customer is the be-all and end-all. Long response times in most cases lead to helplessness, frustration and anger – because who likes to wait? Automating processes with chatbots can save a lot of time.

Cost savings for companies

Chatbots are basically a way for companies to save on personnel costs. They can answer numerous questions at the same time, are happy to work a night shift and don’t drink away the coffee in the office 😉

Less email volume

Chatbots are also a great relief for the support team. They can intercept a flood of email requests and thus keep the inboxes clear so that “more important” emails do not get lost.

Analysis of customer behaviour

Read between the lines and understand your customers better. Are there specific questions or even problems that emerge from the enquiries that you should address? You can easily find all this out with the help of your chatbots and put it into product optimisation. A chatbot collects a lot of data that can be easily analysed.

Versatile use

Another advantage of chatbots is their versatility. No matter what industry you are in, you can actually use a chatbot on any company website.

What data can be stored by a chatbot?

In order to create sophisticated user profiles, chatbots process personal data. Roughly summarised, this is data that helps to identify a person – whether directly or indirectly. In addition to name and address, in many countries this also includes the IP address of the chatbot’s human user.

Chatbots and the problem with data protection

The big problem with using chatbots is that they need to draw on a wide range of data to provide the most accurate answers possible – including personal data.

According to the GDPR, the collection, processing and storage of personal data may not simply take place. According to Art. 6 of the GDPR, a justification is required for this. In most cases, the only justification is the active and informed consent (opt-in consent) of the data subject.

Using chatbots in a GDPR-compliant way

You can probably understand now why you can’t just embed a chatbot on your website. So as not to leave you out in the cold, we explain below what you should pay attention to when using chatbots in accordance with the GDPR.

📝 Privacy Policy

It is important that you specifically explain the use of the chatbot in your privacy policy. In the course of this, you should explain, among other things, which chatbot you are using, for what purpose this is done and which data is processed in the process.

🤝 Order Processing Contract

If you decide to use an external chatbot, in addition to the privacy policy, a so-called “order processing contract” (AV contract) is required. As a rule, an AV contract is always necessary if you commission an external company with the processing of personal data. This contract regulates the handling of data in accordance with data protection regulations. Article 28 of the GDPR is the basis for an AV contract. The data protection contract must be concluded with the respective company behind the chatbot.

In addition, it is recommended to use an EU-based chatbot provider or at least one that has adapted its chatbot to the requirements of the GDPR. You should be particularly careful with US companies, as the US is currently considered an insecure third country with a poor level of data protection in the EU.

✅ Opt-in consent

As a rule, your chatbot may only process personal data with the opt-in consent of your website visitor. The consent information should clearly state, among other things, the purpose for which the data is collected and processed.

The easiest way to get opt-in consent is to use a cookie banner like Real Cookie Banner for WordPress.

In addition, all consents are documented in Real Cookie Banner and can be viewed by you as the website operator. In this way, you can easily comply with your duty of disclosure.

By the way, the same also applies to live chats.

As you may have already noticed, we use a live chat on our website. We have already created a service (cookie) template for this in the Real Cookie Banner. If you reject the corresponding service in the cookie banner, the live chat will not be displayed to you and you will not be able to use it to communicate with us. On the other hand, no personal data is collected and processed by this service.