Data risks and chatbots

Conversational interactions via chatbots provide one of the most engaging and natural interfaces between your organisation and your customers. It is a great way for enterprises to drive engagement. However, users frequently overshare. Starting a conversation with a website visitor using an open ended questions can result in responses that are loaded with personal information. You are ingesting and therefore liable for this unstructured data.

Enterprises can take some simple actions to reduce their liability. Firstly, you should avoid collecting confidential data that you do not need. If your enterprises only needs to know a zip code, do not ask for an entire address. If you only needs to know current symptoms to route the user to the appropriate physician, do not query a complete medical history. Simplifying the interaction with users not only limits your liability for possessing sensitive information, but also improves the chatbot experience by asking less of your users.

Secondly, you need to understand what data you are holding. Delving into your data records can be messy. Particularly when those records are based on ad-hoc conversations with customers. Assessing these records can seem like a mammoth task, but it is non-negotiable. Understanding the data that you hold takes an investment of time and resources. It may be tempting to avoid, but in doing so, you’re only delaying the consequences of failure to comply.

With the right actions, holding unstructured data from conversational widgets can be a risk, but not necessarily a problem. The GDPR is arguably more about the processing of personal data, not that data by itself. Collecting free-form text where the user could have input any data doesn't imply that an organisation is processing sensitive data. However, general GDPR compliance measures apply. Understanding your data and then take appropriate data protection measures to remove all but the most essential information.

Our conversation bot integrations can automatically monitor and mitigate the risks of conversational widgets. We track the data your customers are submitting and then we follow simple workflows to protect all sensitive data.