The General Data Protection Regulation (GDPR) came into effect in the UK and all EU Member States on May 25, 2018. Any survey that you send to customers, fans or employees in the EU needs to comply with this regulation. In this short guide, I’ll share some tips and best practices to help you ensure that your chat surveys (or "conversational surveys" or simply "chats") adhere to the GDPR.
Just a disclaimer: Since I am not a lawyer or a data privacy expert, the tips presented here should be viewed as general information and recommendations only. 🙂 This is not legal advice and should not be relied on as such.
Tip 1: Get consent.
A key tenet of the GDPR is asking for explicit consent. This means research participants need to voluntarily opt-in to get future communications from you. Ask for consent when people do your first chat. If people refuse to provide consent, you can’t collect any data from them and must end the chat there.
Tip 3: Be transparent.
Be specific about how the data collected will be used. For the purposes of a chat survey, we usually tell clients to explain that it’s for research purposes and will be reported on in-aggregate only.
Tip 4: Let people request a copy of their personal data.
☑️ A copy of their personal data ☑️ A deletion of their personal data from your system ☑️ A change to their personal data
If you receive requests like these, you need to fulfill it within a reasonable period of time.
Tip 5: Let people unsubscribe.
Respondents should always have the ability to opt-out of your research activities.
In our platform, Chat Lab, this functionality is baked in. People subscribed to your chats can easily opt out by typing “unsubscribe” at any time. This is information we share with people when they opt-in to chats the first time.
Tip 6: Anonymize data when sharing.
Protecting respondent data should go beyond your activities in Chat Lab. Ensure that when you’re sharing any data electronically, it is anonymized. In other words, remove any personal data or personally identifying information (name, date of birth, contact information, address, IP address).
If you’d like to learn more about the GDPR and its implications for market research and insights, I recommend the following resources: