Which Live Chat Applications are Ready for the GDPR?


In this article I look at popular live chat applications and report their readiness for the GDPR. My report is based on information supplied by the provider. The content in this article is created for informational purposes only. I do not intend to provide legal or professional advice.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new EU data protection law which determines how companies use and protect EU citizens’ data. It comes into effect on May 25, 2018.

Does this apply to my company?

Any company holding or processing data of any person in the EU is affected by this regulation, regardless of where the company is based. Non-compliance could lead to a fine of 4% of global annual revenue, or EUR 20 million.

What does this have to do with live chat?

First, some terminology: Under the GDPR your customer is referred to as a Data Subject. As you are providing services directly to your customer, you are the Data Controller. When you use a software vendor (such as a Live Chat vendor) which processes your customer’s personal data, that software vendor is referred to as a Data Processor. Under the Data Protection Directive (which was the predecessor to the GDPR), the burden was on the Controller to ensure that their vendors satisfactorily followed data regulations. However, under the GDPR, the Processor is now also liable for non-compliance. The good news is that this means that live chat vendors have an incentive to bring their systems into line with the GDPR. The bad news is that it doesn’t mean that you can simply assume that they will do this, as you are only able to use Processors that provide sufficient guarantees that they are compliant (or at least will be by May 25th).

So I just need to find a GDPR-compliant live chat provider?

No. Live Chat is ultimately just a tool that you are hiring: you need to ensure that you are using it in a way that is compliant with the GDPR. For example, it is your responsibility to remove sensitive data shared by your customers via live chat even though the feature to do this is enabled by the provider.

GDPR Readiness Assessments

For each application I looked at, I attempted to find out the following:

  • Has the vendor published a plan stating how they are preparing for GDPR?
  • Are customers' rights under the GDPR covered by application features or processes? These rights include the right to erasure (aka the 'right to be forgotten'), the right to rectification and the right of access.
  • Has the vendor updated their Data Processing Agreements (DPAs) for GDPR?
  • Has the vendor appointed a Data Protection Officer?
  • Where data is stored outside the EU, has the vendor self-certified under the Privacy Shield?
  • Does the vendor meet industry standards for security, such as SOC 2, ISO 27001 or CSA?

I looked at 15 Live Chat applications in total. All of the providers I looked at have published a statement on their website outlining their GDPR plan and their current status. The majority of applications appear to be compliant already. Only 1 provider (Pure Chat) is still working towards compliance.

GDPR-Compliant live chat applications:

Article by Matt

Matt is a product manager with extensive experience in building and supporting software-as-a-service products. This includes implementing live chat for customer support and customer success teams.

Our work is supported by affiliate links.


Article Updates

  • Apr 30, 2018 Published Article
  • May 14, 2018 Updated Intercom Information
  • May 24, 2018 Update on GDPR-day
  • Nov 13, 2018 HelpCrunch, Zoho & SnapEngage updated