GDPR for marketers: How it will affect chatbots

gdpr-chatbotsOver the last year, you’ve probably become aware of the impending enforcement of the General Data Protection Regulation (GDPR) set for May 25, 2018. The abridged version is something like this, in April of 2016 the European Union adopted the GDPR with the intent to empower individuals to take control of the use of their personal data and gave businesses two years to figure it out.

For marketers, this means that the way you acquire and use personal data will be tightly regulated. The GDPR will impact the way you gain access to and use personal data for everything from email campaigns and lead generation forms, chatbots and more. In essence for marketers, the GDPR means most of your favorite marketing best practices (list hygiene!) are now law–really.

See: How Your Marketing Team Will be Affected by GDPR in May

Many marketers are in a panic to get their strategies and tactics in-line with the GDPR, many others are still unaware of the new regulations, and even more have put compliance at the bottom of their list of priorities. Campaigner’s 2017 email report card reports that “only 1% of marketers say GDPR compliance is a top marketing goal in [2018]. Furthermore, 87% of (email) marketers do not know how the EU’s GDPR will affect their business.”

While a majority of marketers believe (or hope) their business won’t be affected, what they don’t know is that if your business is based outside of the EU, but it controls or processes the personal data of EU citizens, the GDPR will apply. Failure to comply with these new regulations could result in “fines of up to €20 million or 4% of their global annual revenue—whichever is greater”; it also depends on the violation. (Hubspot) 😱

So, How Will The Use of Chatbots be Affected?

The GDPR will mandate that businesses clearly state to users how their information will be used, must gain consent to use data collected, and provide easy access to users to update how their information is being used (or revoke consent to use it at all). This will affect how marketers use one of our favorite lead conversion tactics, chatbots.

The GDPR will change the way [marketers] collect and use messenger bot data. —

In a 2017 article by, “Gartner forecasts that more than 85% of customer interactions will be managed without a human by 2020.” With more marketing tools and solutions being produced with AI/chatbot technology, the GDPR is actually coming into effect at the ideal time. With chatbots becoming a standard, essential tool for marketers, they must learn how to adapt their strategies with the new privacy compliance regulations.

Take a look at our previous article in our GDPR for Marketers series to see why these new regulations are an opportunity—and not a roadblock.’s article outlines best practices you can implement to ensure your marketing organization is taking the right steps to becoming compliant:

  • Map out what data your bots collect and what PII (personal identifiable information) is included;
  • Identify how data is recorded and how a user is currently notified (if at all);
  • Know exactly where a user’s data is stored and accessed and who currently has access.

From there, you can make the right next steps in order to become compliant with May 2018’s regulations.

Additional Best Practices for Chatbots/Live Chat With The New GDPR

Because live chat is a more personal and conversational touchpoint with prospects and consumers, try to keep the following in mind to remain compliant with GDPR: (tips from

  • CRM integration: Many SaaS businesses use livechat tools to integrate PII into their CRM system so they can easily attach a nurture or drip campaign to a prospect based on their interests and needs. Make sure the way you are using this data is in-line with your users stated consent.
  • Just because it isn’t a form, it doesn’t mean it’s not data acquisition: Because live chat is a more informal way to gain information, it doesn’t mean it doesn’t fall under GDPR regulations. During initial discussions through a chatbot on your website, PII is easily acquired—name, company, website, email—make sure this information is stored and used appropriately and that you have consent to actually use it.
  • API-driven software is key: Managing consent and complying with the new GDPR regulations doesn’t have to be as arduous an undertaking as you might initially think. Utilize tools that make integrations and adapting to new regulations seamless. In our latest article about the importance of a flexible API, we dive deeper into the benefits of prioritizing this type of platform for maximum growth.

Greer Williams is PactSafe’s marketing leader. Join her in this GDPR for marketers series, as she dives into how the new regulations taking effect in May 2018 will enhance and shift marketers’ email, opt-in, and lead gen strategies. 

See how we help with GDPR compliance.

Don’t miss out!

Want the latest news, tips and best practices for high-velocity acceptance? Subscribe to our newsletter.