GDPR Your Bot

It's everybody's favorite four letter word these days... GDPR.

What is it? Do you need to do anything about it? Should you care?

If you have a bot, you are technically collecting data - and that data could be from anywhere. It's best to protect yourself now, rather than being sorry later!

What do you need to do to get your chatbot compliant with GDPR?

In this episode, we talk about how to:

  • *Get consent from your current subscribers

  • *Add a Privacy Policy to your bot

  • *Check for information capture elsewhere in your bot

Here's the privacy policy generator I used for my chatbot: 

And here's the article that talks about simple steps for updating your website (scroll down past the image): 

Note: The link above is not comprehensive, but it will help you make a start.

Get prepared, Grasshopper! 

Psst! Want to ask me about bots? Click this link, get on my calendar, and let's get the conversation started! 



Podcast Part 1: GDPR in Plain English


Part 1 Transcript:

Welcome to The Bot Signal. Your home for news and views about Messenger Chatbots. Today's bot signal.,It's all about a four letter word that it's rocking everyone's world right now. Yes. You've received a billion emails on this, but I'm going to add my two cents today. GDPR. So it's going to be a two parter. We're going to talk a little bit about what what it is and what it means in plain English. We're going to do that today and tomorrow I'm joined to give you a few tips on how to GDPR proof your chat bot. So without further ado. So GDPR in plain English, really the central concept of this law is: freely given consent to use people's information. So what does this. What is this freely given consent? Basically it's saying that if you want to use someone's email address to remarket to them, send them emails, whatever, put them on your list. Then you have to ask them if it's okay, you have to give them a way out of it.

01:28: If they don't want to give you their email address and you have to tell them why you want the information, how you're going to use it. It's really not that complicated once it comes down to it. Basically what this is all boiling down to is giving more respect to the people that you are digitally marketing to. And I think that's a wonderful thing. Hey, wish this had been around years and years ago, honestly, because we have a culture now where, you know, the expectation of privacy, especially the younger folks get the expectation of privacy is just gone. Uh, whereas I think marketing will get so much better if we communicate with our users a little bit better if we give them choices instead of just bang them over the head with 80,000 emails. I think that, uh, I think the worlds, the worlds going to get to be a better place.

02:28: I think bots going to get to be a better place, but it's all about getting freely given consent to use people's information. Really simple stuff. Why does it effect? What does it affect people like you and me? If you fear in the United States, uh, or, or not in the European Union because it protects EU citizens where ever they're sitting in the world, basically, there's no way to, you know, there's no way to bar people from your website. There's no way to, you know, make it so that users aren't visiting and getting your website under control for this is another topic and probably better covered by somebody who does it every day for a living, uh, but making, making your website safe, making your bot safe, making your email lists safe for all people all the time is easier. It's just easier and so. And so obtaining that freely given consent is really, really important. It's the heart of the law. And in just a second, we'll go over a couple of other things that it says.

03:44: Another word about the freely given consent. It is something that the law says you must be able to reproduce if someone asks. So for instance, if somebody emails me or messages me and says, "hey, can you give, can you point to me where I consented that I could be on your email list?" Then I have to be able to reproduce that point in time, which they said that it was okay. If somebody says to me, hey, where did I give you permission to use my first name in the bot? Then I have to be able to give them a screenshot of, here's exactly where you consented a that I use your first name in the bot. So, very important that freely given consent. Again, uh, I, I just love the word consent. I love it. I'm, so I'm very important to get it it. Very important to get it where you can screenshot it if necessary.

04:52: Finally, the last big point that I'm going to explain today is that users, your people, the people that are on your list getting your newsletter, getting your messages, your people. They can request to download their information from you to see exactly what you have for them. They can request to change their info or they can request to remove their info from your system. Uh, so, uh, again, important stuff. Now is everybody going to wake up on Monday and go, I'm just, I'm just getting my data removed. Some people are uh, so removing their, their data from your system is important. Figuring out how to get that done when people ask, that's important too, um, and here's, here's my big point of the day. Listen, this is an inconvenience to us right now. It is, it is kind of a pain. I came from vacation and wow, it hit me in the face. Uh, I understand, but I urge you to make it easy for people to do these things. Make it easy for them, make it a pleasant experience for them. Do this and you will stand out from your competition. You will be able. I mean, people will remember that, that you were polite about it, that you were good about it, that you made it easy for them. We, all of us, no matter how we're marketing, I use bots. I use other things too though, in, in addition to that, I always want to make it a pleasant experience for people to use, to use my stuff obviously, because they're going to remember you. Make this, hey, please remove my information from your system. Make this experience a part of your overall user experience. Do not forget to give them a good experience on the way, uh, because that is remembered and it will come back around. So that's what I have for you today. We're going to talk to morrow about specifically how to protect your bot, uh, do some reading up on this law if you haven't already, uh, you know, understand it for yourself. And, uh, and I think everybody's going to benefit in the end.

07:26: Thanks for listening today. You can find full episodes of The Bot Signal on your favorite podcast player, and if you have the Anchor app stop in, ask me a question, leave me a voice message and I'll include it on my next show. If you're completely new to bots and you don't know what's going on there visit me at Start a conversation with me. Take my free mini course. It's all available. Thanks a lot and I'll see you in a bot.

Podcast Part 2: How To Prepare Your Bot


Part 2 Transcript:

…I would ever use that information, I, but, but technically facebook is collecting this information, passing onto ManyChat, ManyChats, passing it onto us and we are collecting that information because we can see it. We also, if you're using the first name feature to personalize your bot, which I have recommended to everyone of my clients, then you're technically processing personal information as well. So we all are doing this, so let's all protect our bots. It's the right thing to do.

01:35: So first thing that you need to do is go and get consent from everybody who has already subscribed to your chat bot. And this is really easy. Send out a simple message. Send out a message with some of the following bullet points. Hey, I respect your privacy. It's serious. If I ever need your information, I'll ask for it and tell you what I needed for. Um, and finally the most important part is just asking them if you can have consent to use the information that you're collecting within the bot and then give them that all important yes and no path. Give them a way to opt out of it. Listen, most people will opt right back in. It's fine, don't worry about it. But everybody who sees the yes/no button will realize that they have a choice and they'll feel cared about. They'll feel like somebody cares about processing their information.

02:36: And it's you, this is awesome. This is great stuff. It's well worth the time that it takes to send out this message. For the people that hit no, I don't want you to, to use my information within this bot and totally okay. Uhm, tag them in some way. ManyChat has a tool where you can scrub personal information and still keep the person within your bot, um, and super easy to use. Uh, learn how to use it now you'll be, you'll be happy later. So send out, send out an announcement to all your current people and get explicit consent that it's okay to do what you're doing within the not. Send it out today if you can, send it out as soon as you can. Uh, and uh, that will, that will make everybody's experience better. I know that a lot of people are getting a lot of emails right now. Totally fine. It's okay that you be among them. Don't, don't fret about this thing because people are kind of expecting it now. So go ahead, send that announcement and get consent.

03:44: So what if you are collecting information like emails within your bot and sending them to either a CRM, a customer relationship management program, or a spreadsheet of some kind? That's okay. Um, do the same thing, send an announcement and get consent. Tell them, tell them why, tell them why it's okay. It's really, this GDPR thing is really about treating a potential clients like their people, like they're real human beings who have a choice about things and it's awesome stuff. So if you are collecting those emails, tell them, hey, I'm collecting emails, I use these emails to blank, blank, blank, whatever you use them for, is it okay that I keep that I use this information in the following way and give them a yes, no option. Now if you are sending it out to a third party of some kind and they say, yep, scrub my information, then you're responsible for going to wherever you're sending that information to the spreadsheet or the crm and scrubbing that information there. And your email carrier might have some words on how to do that. I know mailchimp has sent out some stuff recently. Um, fantastic. Follow all the rules. Uh, you know, check all the boxes.

05:07: Why is it serious to do it? Like right now? Well, if the law comes down today, technically it's illegal from this point, to use people's information without their permission personally, identify all bolt permission information without their permission, but do it. Just do it right now. It's a long weekend darlings, uh, and if you get this thing done, then you don't have to think about it anymore because believe me, uh, if you put it off a little bit, because maybe you're not going to be sending messages for awhile or whatever, it's gonna come down, um, because every time you hear GDPR, you're going to think, er I have to do that. Don't do this to yourselves. Get it done, get it done as soon as you can. And it starts by sending out that announcement.

05:54 Here's the best practice for you. Add a privacy policy to your bot. You can use the same one as what's in your website. But for me, uh, I decided to generate one specifically for my bot that is a little more readable than your average legal document. And, uh, and it's also pretty short. It really just talks about the processing of information part. Uh, doesn't talk about, you know, all the other stuff that's in a privacy policy nowadays, uh, just talks about information processing and uh, and for me it was, it was perfect for my bot uh, you know, your results may vary. There are a lot of free privacy policy generators on the Internet take advantage of this, but when I talk about privacy in the bot I always also say if you want to see my privacy policy, just type wait for it... privacy policy and you'll be able to see what it is for this bot.

06:55 And so most people won't type in privacy policy, but again, you're creating that Disneyland experience where people feel cared about. Where people feel like if they want to see more information, that it's there for them. Um, they, they feel like you've thought about everything. Think about every app you've ever used. Think about every software program you've ever used. When you have a great experience, the thought in your head is usually, man, they thought of everything. Be the person, that thought of everything. Add a privacy policy in. This, it takes a few minutes, set it up to trigger on a keyword, and make it happen. I promise it's going to be worth your time.

07:47: This last part, it's probably the most time consuming, but believe me, you'll be better for it. Go through every single growth too. In manychat, they call them growth tools, probably other programs use other terms. Check out where people are entering your bot. Where are people subscribing? Manychat, it's the growth tools. Go through every single one of those and make sure that you're getting consent and mentioning privacy. Hey, you've already created these, uh, these words. You've already created, you know how you're going to say these things. You did it in your announcement. Just recycle that stuff and go ahead and put consent for information given and how it's used uh, go ahead and put that in every single place where people come into your bot because not only do we have to protect ourselves from people that are already subscribed, but in the future, everybody needs to know that their information is safe with you. So, check the, check the, those growth tools, and then go through and check your sequences. Make sure that you are not asking for information in a place where you forgot that you asking for it, and just make sure that if you do ask for further information in a bot, always explain why and give them a yes, no path. Give them an opportunity to say no and you will be all set for GDPR. So that's it. Talk to you next time.

09:23: Thanks for listening. Today. You can find full episodes of The Bot Signal on your favorite podcast player. If you have the anchor APP stop in, ask me a question, leave me a voice message and I'll include it on my next show. If you're completely new to bots and you don't know what's going on there visit me at Start a conversation with me. Take my free mini course. It's all available. Thanks a lot and I'll see you in a bot.Welcome to The Bot Signal. Your home for news and views about Messenger Chatbots. Today, part two of GDPR, last episode, we talked about what it is in plain English and we talked about why it's important. Today, we're going to talk about how to protect your bot. Now, here's the question that I'm getting from everybody: But RJ, I'm not collecting any information in my bot. Technically. We're all collecting this information. Let me tell you why, and this is true with many chat, chat, fuel, whatever program you have. When you, when someone subscribes to your bot, you do get pieces of information about them. You get first name, last name, uh, in many chat you'll also get the gender and the time zone. Who knows why?

RJ Redden