If you have any subscribers from the EU and/or EEA, then the General Data Protection Regulation (GDPR) applies to you, even if you're not based in Europe yourself.
There are a bunch of articles on the internet on how the GDPR applies to Email Marketing, but I couldn't find much about how the GDPR applies to Messenger Bots.
That's why I wrote this guide for you.
But please keep in mind I'm not a lawyer, and I can be wrong. I recommend seeking an independent consultant to determine how the GDPR affects your business.
Things to keep in mind
1) Subscribers have the right to be forgotten
Which means you have to delete ALL their data when they ask you to.
ManyChat launched some new tools with which you can easily delete the data of your subscriber when they ask you to.
But don't forget that you might also have their data in Zapier, Google Sheets, and your ESP (email service provider).
2) Subscribers have the right to access all their data
In ManyChat you can export someone's data by going to Audience > Their profile > 3 dots > Download User Data. It will export as a JSON file that you can send to your subscriber.
3) Subscribers have the right to change their data
You could create a little flow where they can change custom field values.
4) Subscribers have the right to opt out of marketing communications at any time
With Messenger Bots, that's nothing new because it's already in the Messenger Platform Rules.
"A user may opt-out of receiving subscription messages from a Page at any time."
Make sure everybody knows that they can unsubscribe by typing "stop". I also like to put an unsubscribe button in my Main Menu.
So that's all great, but don't forget to mention it in your Privacy Policy too.
Most Privacy Policies explain how to unsubscribe from an email list, so it would only be logical to also include an explanation of how they can unsubscribe from your Messenger Bot.
I added this:
You may unsubscribe to my Messenger Bot at any time by typing "Stop" inside Messenger or by clicking "Unsubscribe" in the persistent menu. You will then be asked for your confirmation to be unsubscribed.
5) Make sure you have signed Data Processing Agreements
Make sure you have Data Processing Agreements (DPAs) with all the tools you export data to, for example Zapier or Google Sheets if you're using them in combination with ManyChat or Chatfuel.
If you're using ManyChat then you can sign their DPA here.
6) Have the FB Pixel on your website?
This one is processing personal data, which means you have to ask people for their explicit consent to place marketing cookies like this. A tool I can recommend to regulate this is Cookiebot.
Below is an example of how I ask for consent for marketing cookies. You've probably seen it if you're from Europe.
7) Permission-based marketing
With email marketing, you need someone's permission to send them future emails. Let's assume this also applies to Messenger Bots, which means you need to have people's permission to send them messages.
Just because they got your download inside Messenger doesn't mean they want to receive future messages.
You might want to change your flows to make sure you always ask for this permission. Simply asking "would you like to receive further tips & tricks?" should be enough. This is also a great way to filter out leads that are not interested anyway.
With email marketing, you can also get consent in the form they sign up with. So maybe we can also use "Subscribe to our bot and receive tips & tricks X times a week". That would count as consent, I guess.
8) Privacy Policy
Make sure your privacy policy is updated & easily accessible.
I've created an item in my Main Menu called "The Website" with a sub-item called "Privacy Policy".
9) Personal data processing consent
In ManyChat's GDPR article they mention you need to have personal data processing consent from your subscribers. Also, you'll need to be able to prove you've obtained consent from existing subscribers to continue messaging them after May 25th.
A name is personal data, so every Messenger Bot is processing personal data.
In my welcome message I ask this:
"Before we start, I want to tell you that these messages are automated & personal data is used to personalize your experience. You can always unsubscribe by typing 'stop'. Ok?"
I'm not 100% sure if this message is compliant because there aren't any resources or examples of how this applies to Messenger Bots.
Checklist
To help you, I've also created a step-by-step GDPR Checklist; you can get it here by email.
Leave a comment if you have any questions, input, feedback or additional resources on this.
Good luck!
You make it so easy to understand. Keep up the great work and thanks for delivering value like always :)
You're welcome, Mark!
Please kindly help me to give an example of a Chatbot that complied with GDPR according to your description. Many thanks