Live Chat Ltd is ready for general data protection regulation (GDPR)
For the last 4 years, authorities in the European Union have been working on the GDPR (General Data Protection Regulation) in order to secure, streamline and protect the data of all citizens in the EU. Data here means contact information, interactions with companies, specific requirements, health records, profiles and anything else that is processed by a company, organization or business on behalf of customers.
GDPR will give customers more and more control over how their data is used. Permissions will be in place, and businesses with legal operational environments will process customer data in a desirable format. No piece of customer information will be compromised within the vendor’s operational, administrative and data processing environment.
An important thing to note here is that GDPR applies to every third-party and first-contact organization that processes personal data of EU citizens, even if it is located outside of the EU. Every business process that involves personal data of EU citizens by any means is obliged to continuously optimize its data security wherever that data is stored, processed, transferred and used.
Under the GDPR individuals have:
The right to access
Under this right, customers/individuals can request access to their personal data and can ask how the company uses it after it has been collected. On request, the company must provide a free-of-charge copy of their personal data in an electronic format.
The right to be forgotten
If customers have stopped doing business with a company, or have decided to withdraw their consent for a company to use their personal data, they have the right to ask that company to delete their personal data from storage and from any use, even use that is in process.
The right to data portability
Customers/individuals have the right to transfer their personal records from one service vendor to another with whom they have decided to start business. The transfer of data must happen in a commonly used and readable format.
The right to be informed
Individuals must be informed of personal data collection, and it must not be done without the individual’s consent. In an electronic format, individuals must opt in for their data to be gathered, and consent must be freely given rather than implied.
The right to update personal information
If customers change their physical address, phone number, email address, etc., they have the right to have it updated. Likewise, on seeing a copy of their personal data, individuals have the right to rectify any mistake.
The right to restrict processing
Under this right, individuals can restrict companies from processing their data. This means the company may still keep the data on a storage device but cannot use it for any processing purpose.
The right to object
Individuals can stop companies from processing their data for any direct or indirect marketing purpose. As soon as the request is received, processing for marketing purposes must stop, because there are no exemptions to this rule.
The right to be notified
Individuals have the right to be informed within 72 hours of a breach of their personal data. The individual whose personal data has been compromised must be the first person the company informs.
Our homework
As a third-party vendor of services and human resources, we have made changes to our implementation strategies, processes, operations, user protocols, server-side and firewall restrictions, network protocols and employee training methodologies. Here is what we are up to.
How we are affected
We are a vendor of managed live chat, email support, call center and technical support services, which include strategy, people, processes, data collection and data processing. Every one of our services involves customer data, which includes names, email addresses, phone numbers, interests, credit card information, interactions and information on overall behavior. This information is immediately passed on to our clients, who then further process the data and contact their customers accordingly.
As a vendor that collects and processes customer data, we make sure every process of data collection and processing is protected and monitored in real time.
How Live Chat Ltd ensures permission based customer opt in
The core purposes of our services are lead generation, customer service and technical support. In each case we have to either access customer profiles or ask for specific data input, and then help customers by processing their request. Before we ask for access to customer profiles or collect personal data, our representatives make sure it is volunteered by the customer in response to requests from our operators during live chat sessions, calls and email responses.
It is just as important that your organization’s processes are GDPR compliant on behalf of your customers. For general guidance and a road map of GDPR, check out this step-by-step guide.
How are we GDPR compliant?
Live Chat Ltd is committed to compliance with data protection regulation and other legal requirements from the client side. We have reviewed our internal data protection policy and developed the necessary procedures to protect our business and our clients’ information against threats or any loss.
Here are the key points that make us GDPR compliant.
1– Customer data from calls, email support and live chat support is stored in data centers that are physically located in the EU region and are compliant with the General Data Protection Regulation.
2– Our data processing procedures and processes are interoperable, and data can be deleted, updated, corrected or transferred at any time on request of individuals who called us, sent us email responses, used live chat, or asked for technical assistance through any medium. Our centralized customer support mechanism makes this easy with just a few clicks.
3– We have dedicated staff who continuously monitor every single user machine and, on the other side, the server machine in order to make sure there is no breach of policy. We have made GDPR a permanent part of employee training in order to make sure all employees are aware of the consequences if there is any breach.
More steps that we have taken are given below:
Our internet policy
Our network is based on a centralized server and firewall with all the necessary internet restrictions, so end users cannot access any website, portal, video streaming service or anything else other than the software, apps, hardware and peripherals that are job related. Our firewall blocks all rogue intruders from entering our network, and our network monitoring staff continuously monitor user permissions and breaches of policy.
Our level 3 security
Employees, including administration, operators, supervisors and managers, do not have direct access to their apps, software and work-related environment. Login details are auto-saved and protected with dual password protection: one is the user’s system admin password and the second is a server-side password. No one is allowed to bring mobile phones, peripheral devices, data traveler devices and any other device that belongs to our electronic environment.
Our data protection agreements
We sign three different agreements when signing up any client. The first is a service level agreement, the second is a non-disclosure agreement, and the third and most important is the client and customer data protection agreement. All of them include legal clauses on data protection and on the protection of the client’s digital assets, which are binding and enforceable in native environments.
Our flexible protected processes
Our physical and electronic processes are designed to fully support data and information protection. Employees have limited access to the data center, where they can only add information and cannot view or edit already stored information. Our workflows and employee adherence policies are monitored, and the necessary actions are taken in real time if there is any violation.