☑ WhosOn customer?
☑ Need guidance about GDPR compliance?
☑ Unsure how to use WhosOn in accordance with the new regulations?
You're in the right place. We've put together a handy list of options to help you on your GDPR compliance mission.
Getting started
Before we get to the nitty-gritty, it's important to emphasise three things:
1. Your GDPR compliance extends beyond your use of WhosOn. If you haven't already, take some time out to read up on GDPR and what it entails. The ICO (Information Commissioner's Office) is a great place to start.
2. No piece of software, in and of itself, can be "GDPR compliant." It can only be used in a compliant way, with compliant processes. (Hence our guidelines below.) We've written more on the myth of GDPR compliant software here: http://www.companybug.com/gdpr-compliant-software-exist/
3. It is up to you to decide what you want to do with the data WhosOn collects. We're simply here to offer support on the new regulations and how they impact WhosOn.
All clear? Let's take a closer look at WhosOn and your GDPR options.
Visitor tracking
WhosOn tracks your website visitors. To do this, the software uses a tracking cookie and collects IP addresses and page view information.
This is a core element of WhosOn that cannot be turned off. So, in order to ensure GDPR compliance, WhosOn tracking should be clearly included in your website's privacy policy. (Out of the scope of Parker Software technical support.)
Live chat
WhosOn also enables live chat with your website visitors. There are two GDPR compliant options you can take with regards to chat.
1. Allow the visitor to chat if they consent.
2. Allow the visitor to chat anonymously, i.e. not store chat data in the WhosOn database.
To help you weigh up both these options, we've expanded below.
Option 1: Consent to chat
This option is the simplest to implement and understand. It involves two WhosOn configuration steps from you:
1. Create a pre-chat survey field asking for a custom field of Boolean.
2. In attributes, set the "Validate" check box and leave the option on "Cannot be blank or zero".
The visitor then has to check the box before being able to start the chat — meaning you have that all-important consent.
As an extra step, you can also include a hyperlink to your privacy policy in the prompt text. (This isn't essential, but it's a helpful way to drive transparency.)
Option 2: Anonymous chat
This option will take longer to set up, and has more sub-options to consider. Firstly, you need to:
1. Set up anonymous chat by opening your WhosOn client and heading to Advanced > Data deletion -> Chat storage & privacy. Here, you can customise how a live chat is stored in the system. A description of all 4 options is available below:
a. Store all chat sessions, always
- This is the standard behaviour for WhosOn. Everything is stored.
b. Store all chat sessions unless the allowed to save has been disabled manually
- If the visitor chooses not to store the chat then the transcript will be deleted and the headers will be anonymised.
- "Yes" or "No" answers results in the chat being stored as normal.
c. Store chat text only when visitor has allowed it in survey (full header will be stored)
- If the visitor allows the chat to be stored then everything is stored as normal.
- Alternately, if the visitor says "No" then the transcript is deleted and the headers are anonymised.
- If no answer is given then the transcript is deleted and the header is anonymised.
d. Store chat text and header only when visitor has allowed it in survey (header will be anonymised)
- In this instance, if the visitor allows their chat to be stored then everything is stored as normal.
- If no answer is given or the visitor says no then the header is anonymised and the transcript is deleted.
2. Depending on the option you select this will automatically add in pre-chat survey field which you can customise in the “Start chat survey” area.
3. This will then present a yes/no option to the visitor initiating a chat session.
Anonymise header
We've mentioned header anonymisation a lot in the section above. Not every user is clear on what header anonymisation is, so here's a useful description of what it actually does — all in relation to the UserChats and UserChatVars table only. (Feel free to skip this section if you're already clued up on anonymising headers.)
1. IP set to 0.0.0.0
2. Name set to blank
3. Pre chat survey answers cleared
4. Post chat survey answers cleared
5. User Agent cleared
6. Visitor Username cleared
7. PageID cleared
8. VisitID cleared
9. VisitNumber cleared
10. VKey cleared
That's it!
Hopefully, you've found these GDPR options easy to understand. If, however, you run into any difficulties implementing them, we're happy to help.
Drop us an email, give us a call, or chat to us live and we connect you with our dedicated Security Officer.
Download these GDPR options as a PDF
Want to revisit these WhosOn GDPR options away from our website?
That's no problem - here's a handy PDF that you can download and print:
[ PDF] WhosOn GDPR options