Skip to main content

User onboarding tools and GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. It imposes obligations to organizations worldwide, so long as they target or collect data related to the EU residents. (source)

What counts as personal data? Personal data is any information that relates to an identified or identifiable individual. For example, names or addresses (identified individuals) or location, cookies or even pseudonymous data if easy to link to a specific person (identifiable individual).

In every case, you need a valid reason (legal basis) to process personal data. In the context of User Onboarding, it is almost exclusively unambiguous consent. The users must explicitly agree that their personal data is processed for the purpose of user onboarding.

Even when you receive explicit consent, the obligations do not end there. For example:

  • You must collect only data absolutely necessary for the given purposes.
  • You must store the data only for as long as necessary to fulfil their specified purpose. It might be necessary to implement a data retention policy and clean up no longer needed data.
  • You must store the data in a way that ensures security, integrity and confidentiality. To achieve this, you might need a specific Data Protection Agreement with your non-EU vendor, or to ensure that all data remains stored and processed within the European Union.

How GDPR influences your user onboarding?

When implementing your User onboarding, there are a few places where GDPR will influence you.

User profile

Some solutions encourage you to build a comprehensive list of user profiles. These profiles can contain a deep understanding of a user (for example name, email address, but also amount of Twitter followers) and the previous user behaviour (first seen, last seen, or engagement in the past).

Keeping GDPR in mind, you must collect only data absolutely necessary to fulfil the purpose - user onboarding. For every variable stored or every user profile maintained, you must have a legit reason.

Having a deep understanding of a user can be handy when creating new campaigns. It is, however, very costly to maintain the list of user profiles risk-free. When choosing a solution, try to look at solutions designed around principles of zero-knowledge.


Example of user profiles


Data location

When collecting information about your users, you usually become the Data Controller of such data. As a controller you are, simply put, accountable for which data is stored and how it is further processed by you internally, or by vendors you have chosen (find out more).

When choosing a vendor for your user onboarding, you need to make sure that the data you share will be processed in accordance with the GDPR requirements:
  • for non-EU vendors or vendors processing the data outside of the EU, you need to contractually ensure the data is safe. Usually, you will need to negotiate a Data Protection Agreement (DPA) as a part of your contract. (find out more)
  • for EU vendors processing the data inside of the EU, your life is easier. These need to comply with GDPR by default.
By choosing an EU-based vendor processing the data within the EU you can reduce risks, decrease the time-to-market and save costs for legal reviews.

Usetiful - the European Digital Adoption Platform

Usetiful is a solution for every client that needs to comply with GDPR. We run from within the European Union (incorporated in Estonia) and process data of end-users on a data centre located in the EU.

Usetiful is designed to protect user data by default. The service is built to require a minimal amount of information to fulfil its tasks.

Zero-knowledge

When implementing Smart Tips or Tours without workflow, Usetiful does not need to know anything about your users. We do not collect any personal information nor store any web cookie. The whole behaviour is triggered by an immediate user action on your site.

If you wish to implement Tours with workflows (for example: show only to new users) without sharing any identifiable user information with us, you can use the User segmentation feature. That way you can share with us, for example, that the current user is "new" and we know which tour to run without collecting any further information.

User segmentation as zero-knowledge

Targeting larger segments, rather than individual users, is a good practice to personalize the service without disclosing any detailed user information. This way you can create a tailored onboarding experience for different locations, languages or user skill levels without compromising on personal data security.

To keep user segmentation in the "zero-knowledge" mode, it is necessary to design the segments in a way that prevent us from identifying a specific physical person by knowing the segment. If the segments are too small or too specific, the benefit can be diminished.



Web cookies

Sometimes Usetiful needs to remember past user behaviour - for example, to ensure a product tour is automatically started for the same user only once. For that purpose, Usetiful stores a cookie inside the user's device.

Please note that as a Data Controller, you need to have the consent of your users to store cookies on their devices for the purpose of user onboarding workflows.

User profile

Product walkthroughs operating on a list of user profiles is a great way of running user onboarding. It allows, for example, simple personalization of your tours.

It is, however, the most complicated approach when ensuring compliance with GDPR. At the moment Usetiful does not support the creation or maintenance of user profiles.

What is our strategy on this one? We design new features with data protection in mind. We expect to release the feature of the User profile in the future to enable better personalization, but only when we can ensure the highest level of security and compliance without throwing the legal burden on our clients.


(disclaimer: This article has no ambition to comment on full details of the GDPR, nor is in any way providing legal advice. We merely aim to highlight where GDPR usually impacts our clients when implementing the user onboarding.)

Popular posts from this blog

Create product tours with Usetiful

Usetiful contains an advanced editor that enables you to build tours visually without any programming skills. Try it yourself with 14-day trial .

Preview Tours with Usetiful Chrome Extension

We are happy to introduce Usetiful for Chrome , a new browser extension that enables you to preview all your Usetiful product tours on any site without touching the code. Just follow the steps below to preview your product tours: Install plugin and preview your tour 1. Enter Google Chrome Web Store and install the  Usetiful: Product Tours  extension. (Note: Usetiful: Product Tours browser extension works with Chrome browser only) 2. When the plugin is successfully installed, the Usetiful icon will appear in the browser top bar with the following message. 3. Click on the Usetiful icon and log in using your Usetiful credentials. If you are currently logged in to the Usetiful, the plugin will connect to your account automatically. 4. Go to the page where you want to preview your tour. The bottom panel indicates whether the selected tour is available. (Note: Only tours that are allowed to be shown on given page will be offered - see Page Targeti

Build your first Welcome Message

Why Welcome message? Welcome message has a great impact on how users perceive your application - you can set up a very friendly and human tone of conversation. On top of that - it is really easy to create one with Usetiful! Benefits: Introduce your product from human perspective and let users know you appreciate them Activate your users with call-to-action  Get your Usetiful ready for more complex opportunities Build the modal In the Overview menu, click on " Add tour " Tour name - Give your Welcome message a name so you can find it later Let's keep it simple - page targeting should remain "All pages", trigger should remain to "Launch automatically". You can change these settings anytime later. Click " Continue ". Usetiful creates the first example modal for you. Click inside of the modal and update the content! Pro tip: Include pictures or video! Buttons - your call to action Usetiful allows you to set up actio