6 Tips to ensure that your chatbots are GDPR compliant


General Data Protection Regulation (GDPR) entered into force and was fully operational as of May 25th 2018. You can read all about it here. The new regulations brought a series of changes and improvements while strengthening the current regulatory framework. The GDPR applies to any website or mobile application collecting data from EU residents and that means chatbots and voice assistants as well!

Despite some myths and misunderstandings around GDPR the regulations there has been some success in the new policy despite still being described as being in a transition period. With incidents such as the Cambridge Analytica scandal last year users are even more concerned as to what we do with their data.

It’s important to note that, 71% of UK adults want tougher action in penalising companies that abuse our data privacy by misusing third-party data.

If you use chatbots as part of your sales and marketing strategies, you’ll need to make sure the processes you use to collect consumers’ personal data, as well as what you do with this data are in line with GDPR. Read on for some tips on how to ensure that your chatbots are GDPR compliant.

1. User Consent

Consent is not valid unless it is “freely given, specific, informed, and unambiguous.” Basically, that means a “clicked” agreement is required.
For websites your privacy notice is a great place to get consent from users. Here is a great example:

Don’t forget to update your privacy policy!

One of the rules of the GDPR is that all companies utilizing consumer data need to have a clearly stated privacy policy which contains the following pertinent information:

  • What information is collected?
  • Who is collecting it?
  • Why is it being collected?
  • How long will it be used for?
  • Who will it be shared with?
  • How can consumers withdraw from the agreement to give their data?

For a chatbot, it should provide users with a clear-cut, transparent, distinguishable, and easily accessible form to understand what data is collected, and how it will be used by the bot and organization. This needs to be provided at the start of the conversation and also its often a good idea to provide an easy way to access this in future e.g for bots supporting NLP a free text intent or part of an integration menu such as Facebook Messengers:

GDPR Chatbot consentChatbot Privacy Consent

We’ve found that having a privacy page in place listing all the important information is also an effective way to aid in compliance.


2. Allow users to have their data forgotten

According to the GDPR, users should be able to request that all their Personal Data is removed.

Chatbots need an intent to support this e.g  ‘please forget my data’, ‘delete my personal data’, etc. Or this could be part of the menu system:

Erase Data Chatbot Option

This data removal request needs to be followed up correctly.

3. Allow users to retrieve their data

Users should be able to retrieve their Personal Data.

Chatbot users should be provided with a clear and simple way to access, review and download copies of their data (in an electronic form) that was collected, free of charge. This can be actioned in multiple ways. You could either build a dialogue for this e.g  ‘please tell me what data you are storing’, ‘can you send me my data’. The response should present the data to the user or send an email to start the process.

Allow Data Retrieval Mechanism

4. Use personal data for the stated purposes only

This is vital for becoming GDPR compliant. Your online chatbot may be an informal way of collecting personal data, but it is still considered to be a data collecting and processing tool and so will fall under the GDPR legislation.

Clearly stating what information is used for is key. This means that you are only able to use the data for the stated purposes, such as sending newsletters, emails, SMS marketing messages or contacting users on Facebook Messenger.

Implement a mechanism to make sure users are clear as to what you will do with their data. This can be added as part of a welcome or supported by intent match or part of the privacy policy.

Chatbot Privacy use of information.

If you tell your customers that you will be using their email address and mobile phone number to send them information about your services and products, you should do that and nothing more.

5. Leverage Chatbot Conversation

Chatbots provide an engaging interaction medium for users which is no doubt enhanced by a personalised experience. This will often mean that a chatbot needs to collect some personal data from their users. When designing chatbots always remember to keep privacy first in mind. With a chatbot, it is easy to ask for a users permission and explain why you need it because you are already in a dialogue with your user.

Use opportunities when available to clarify and advise users during the conversation.


6. Safeguarding Data


There are two important roles defined in the GDPR that affect you as a company and the chatbot you build. Firstly, the data controller and secondly, the data processor:

  • Data Controller represents the entity which determines the purposes and means of the processing of personal data
  • Data Processor represents the entity which processes personal data on behalf of the controller

Data controllers are the decision makers about which personal data gets collected, stored and processed – so most companies are considered controllers!

Chatbots are all about data. If you want to create a solid conversational experience, you need to use Natural Language Understanding (NLU) and dialogue systems. The underlying machine learning algorithms need training data in order to improve and learn. Collecting this data is necessary to train the models and the more data you have the better the bot performs.

Data is essential – but it’s also vital to reduce the risk of data breaches and adhere to the GDPR  data processing principles.

With GDPR you are prohibited to store this data without explicit consent from users or if there is no legitimate reason to store this data. If you do have a need to store this data to improve your chatbot’s interaction with consumers, you may not do so unless you have explicit consent.

It’s common for many web and messenger servers to keep different types of logs, such as access, error or security audit logs. These logs might hold personal data such as IDs, IPs, and even names.

Reviewing your logs will allow you to find any personal data and deal with it accordingly.

Cloud Compliance

At The Bot Forge we use the Dialogflow natural language processing engine to create our chatbots. Using Google Cloud services means we can rely on GDPR being upheld with regards to our chatbot data:

At Google Cloud, we champion initiatives that prioritize and improve the security and privacy of user data. We’ve made multiple updates to ensure that Google Cloud customers can confidently use our services now that the GDPR is in effect.

We have peace of mind as compliance with the GDPR is a top priority for Google Cloud. It’s important to have this confidence when using third-party services which handle your data.

Want to talk about GDPR and data privacy? Get in touch if you’d like to chat.

The Bot Forge Named a Leader in AI

, ,

Did you know that more than 100,000 businesses are using chatbots to help optimize their customer experience?

Customers want instant replies, and chatbots are the way to achieve this, according to a 2018 Forbes article.

Here at The Bot Forge, we have been providing custom software development and AI services since 2018.

What they say

After working with many clients in many industries, we are thrilled to announce that Clutch, a B2B ratings and reviews firm, has listed us as one of the leading AI companies in the UK.

Additionally, we are on Clutch’s Leaders Matrix for top AI developers in the UK. The Leaders Matrix shows companies that are at the top of their targeted markets. The Bot Forge is one of the nine leaders on the Matrix.

Clutch Leaders Matrix- The Bot Forge

We could not have received this recognition without our clients. We have worked with small and mid-market businesses, and these businesses represent a variety of industries.

The industries they are in include the business services, financial services, and IT industries.

We received a 5-star rating from Stitch AI, a digital engagement solutions company. We provided web development services to the company; initially, Stitch AI needed assistance in building a web portal where it could create advanced lead generation chatbots for any industry vertical.

Clutch Review- The Bot ForgeWe created a platform that helps the client manage its customers’ chatbots, and we continuously work with the client. The client has been happy with the quality of our work.





“…we’re happy with their work, and they’ve fixed any bugs in a timely manner.”

— Managing Director, Stitch AI

Our Vision

At The Bot Forge, we are committed to our clients’ satisfaction. Our clients make us who we are

“Our vision is for our agency to become a global champion in creating custom chatbot solutions for our customers,” said Adrian Thompson, founder of The Bot Forge.

Clutch’s sister site, The Manifest, which serves as a guide for businesses, also listed us as one of the top AI developers in the UK.

You can also see us on Visual Objects, Clutch’s portfolio-sharing sister site that features us on its list of top software developers.

Let us help your company revamp its customer experience. Visit our Clutch profile and contact us to inquire about our services.

The Non-Technical Guide to Popular AI Terminology

, ,

AI Terminology Cheatsheet

Artificial Intelligence is talked about everywhere these days. In the news, media and extensively in science. We mention it a lot on our website and blog after all this technology is at the core of what we do at The Bot Forge.
You may well have encountered some of the different terminology used. But what do developers and technologists really mean when they use these terms? Having a simple understanding of some of the more frequently used terms can be useful when thinking and talking about your chatbot strategy. This AI terminology cheatsheet aims to help you understand; no technical knowledge required!

  1. Algorithm

    An algorithm is a formula for completing a task. Wikipedia states that an algorithm “is a step-by-step procedure for calculations. Algorithms are used for calculating, automated processing and data processing and provide the foundations for artificial intelligence technology.

  2. Artificial Neural Network

    Artificial Neural Networks or ANN are artificial replicas of the biological networks in our brain and are a type of machine learning. Although nowhere near as powerful as our own brains they can still perform complex tasks such as playing chess, for example AlphaZero, the game playing AI created by Google.

  3. Artificial Intelligence

    AI research and development aims to enable computers to make decisions and solve problems. The term is actually a field of computer science and is used to describe any part of AI technology of which there are 3 main distinctions (1)

  4. Autonomous

    Autonomy is the ability to act independently so software which can complete tasks on its own is autonomous for example systems which manage self-driving cars.

  5. Big Data

    Big data describes the large volume of data – both structured and unstructured – that floods through a business and its processes on a day-to-day basis. In the context of AI big data is the fuel which is processed to provide inputs for surfacing patterns and making predictions.

  6. Chatbots

    I think we have mentioned these once or twice! A chatbot is a conversational interface powered by AI and specifically NLP. They can be text-based, living in apps such as Facebook Messenger or their interface can use voice-enabled technology such as Amazon Alexa.

  7. Cognitive

    Cognitive computing mimics the way the human brain thinks by making use of machine learning techniques. As researchers move closer towards transformative artificial intelligence, cognitive will become increasingly relevant.

  8. Deep Learning

    Also known as a deep neural network, deep learning uses algorithms to understand data and datasets. Deep Learning is a subfield of machine learning concerned with algorithms inspired by the structure and function of the brain called artificial neural networks. Deep Learning techniques have become popular in solving traditional Natural Language Processing problems like Sentiment Analysis.

  9. Entity and Entity Extraction

    Entities are also sometimes referred to as slots. An entity is used for extracting parameter values from natural language inputs. Any important data you want to get from a user’s request will have a corresponding entity.  Entity extraction techniques are used to identify and extract different entities: Regex extraction, Dictionary extraction, complex pattern-based extraction or statistical extraction. For example, if asked for your favourite colour you would reply “my favourite colour is red”. Dictionary extraction would be used to extract the red for the colour entity.

  10. Intelligent Personal Assistants

    This term is often used to describe voice-activated assistants which perform tasks for us such as Amazon Alexa, Google Assistant, Siri etc instead of text-based chatbots.

  11. Intent

    An intent represents a mapping between what a user says and what action should be taken by your chatbot. A good rule of thumb is to have An intent is often named after the action completed for example UserProvidedColor.

  12. Machine Learning

    Probably used by you every day in Google search for example or Facebooks image recognition. Machine learning allows software packages to be more accurate in predicting an outcome without being explicitly programmed. Machine learning algorithms take input data and use statistical analysis to predict an outcome within a given range. Machine learning methods include pattern recognition, natural language processing and data mining.

  13. Natural Language Processing

    Natural language processing (NLP) enables machines to understand human language. Machine learning is used to find patterns within large sets of language data sets in order to recognise natural language and aid machines in understanding sentiment so that they can respond correctly.

  14. Sentiment Analysis.

    Sentiment Analysis is the process of determining whether a piece of writing is positive, negative or neutral or more advanced analysis would look at emotional states such as “angry”, “sad”, and “happy”.

  15. Utterance

    An utterance is anything the user says via text or speech. For example, if a user types “what is my favourite colour”, the entire sentence is the utterance.

We hope you have found this AI Terminology Cheatsheet helpful. If you want to talk about your chatbot project contact us at The Bot Forge

Comment if you think I’ve missed any terms out which should be on the cheatsheet