Skip to main content

User onboarding tools and GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. It imposes obligations to organizations worldwide, so long as they target or collect data related to the EU residents. (source)

What counts as personal data? Personal data is any information that relates to an identified or identifiable individual. For example, names or addresses (identified individuals) or location, cookies or even pseudonymous data if easy to link to a specific person (identifiable individual).

In every case, you need a valid reason (legal basis) to process personal data. In the context of User Onboarding, it is almost exclusively unambiguous consent. The users must explicitly agree that their personal data is processed for the purpose of user onboarding.

Even when you receive explicit consent, the obligations do not end there. For example:

  • You must collect only data absolutely necessary for the given purposes.
  • You must store the data only for as long as necessary to fulfil their specified purpose. It might be necessary to implement a data retention policy and clean up no longer needed data.
  • You must store the data in a way that ensures security, integrity and confidentiality. To achieve this, you might need a specific Data Protection Agreement with your non-EU vendor, or to ensure that all data remains stored and processed within the European Union.

How GDPR influences your user onboarding?

When implementing your User onboarding, there are a few places where GDPR will influence you.

User profile

Some solutions encourage you to build a comprehensive list of user profiles. These profiles can contain a deep understanding of a user (for example name, email address, but also amount of Twitter followers) and the previous user behaviour (first seen, last seen, or engagement in the past).

Keeping GDPR in mind, you must collect only data absolutely necessary to fulfil the purpose - user onboarding. For every variable stored or every user profile maintained, you must have a legit reason.

Having a deep understanding of a user can be handy when creating new campaigns. It is, however, very costly to maintain the list of user profiles risk-free. When choosing a solution, try to look at solutions designed around principles of zero-knowledge.

Example of user profiles

Data location

When collecting information about your users, you usually become the Data Controller of such data. As a controller you are, simply put, accountable for which data is stored and how it is further processed by you internally, or by vendors you have chosen (find out more).

When choosing a vendor for your user onboarding, you need to make sure that the data you share will be processed in accordance with the GDPR requirements:
  • for non-EU vendors or vendors processing the data outside of the EU, you need to contractually ensure the data is safe. Usually, you will need to negotiate a Data Protection Agreement (DPA) as a part of your contract. (find out more)
  • for EU vendors processing the data inside of the EU, your life is easier. These need to comply with GDPR by default.
By choosing an EU-based vendor processing the data within the EU you can reduce risks, decrease the time-to-market and save costs for legal reviews.

Usetiful - the European Digital Adoption Platform

Usetiful is a solution for every client that needs to comply with GDPR. We run from within the European Union (incorporated in Estonia) and process data of end-users on a data centre located in the EU.

Usetiful is designed to protect user data by default. The service is built to require a minimal amount of information to fulfil its tasks.


When implementing Smart Tips or Tours without workflow, Usetiful does not need to know anything about your users. We do not collect any personal information nor store any web cookie. The whole behaviour is triggered by an immediate user action on your site.

If you wish to implement Tours with workflows (for example: show only to new users) without sharing any identifiable user information with us, you can use the User segmentation feature. That way you can share with us, for example, that the current user is "new" and we know which tour to run without collecting any further information.

User segmentation as zero-knowledge

Targeting larger segments, rather than individual users, is a good practice to personalize the service without disclosing any detailed user information. This way you can create a tailored onboarding experience for different locations, languages or user skill levels without compromising on personal data security.

To keep user segmentation in the "zero-knowledge" mode, it is necessary to design the segments in a way that prevent us from identifying a specific physical person by knowing the segment. If the segments are too small or too specific, the benefit can be diminished.

Web cookies

Sometimes Usetiful needs to remember past user behaviour - for example, to ensure a product tour is automatically started for the same user only once. For that purpose, Usetiful stores a cookie inside the user's device.

Please note that as a Data Controller, you need to have the consent of your users to store cookies on their devices for the purpose of user onboarding workflows.

User profile

Product walkthroughs operating on a list of user profiles is a great way of running user onboarding. It allows, for example, simple personalization of your tours.

It is, however, the most complicated approach when ensuring compliance with GDPR. At the moment Usetiful does not support the creation or maintenance of user profiles.

What is our strategy on this one? We design new features with data protection in mind. We expect to release the feature of the User profile in the future to enable better personalization, but only when we can ensure the highest level of security and compliance without throwing the legal burden on our clients.

(disclaimer: This article has no ambition to comment on full details of the GDPR, nor is in any way providing legal advice. We merely aim to highlight where GDPR usually impacts our clients when implementing the user onboarding.)

Popular posts from this blog

How User Onboarding Checklists will help your User Adoption

User onboarding checklists are a crucial tool for developers who are launching products or want to improve product adoption.   What are User Onboarding Checklists? User onboarding checklists are a way to onboard new users. This digital adoption strategy works by splitting the onboarding experience into manageable atomic pieces. By making a checklist with various tasks, you can ensure that users are guided towards getting instant value from your product.     How to Build an Onboarding Checklist? Onboarding checklists are easy to build with no-code tools like Usetiful . By using an onboarding checklist template, your product can benefit from greater user engagement and acquisition. Benefits of User Onboarding The most common reason users abandon a digital product is: a) They can't understand how to use it b) The products value is not clear to them   A good user onboarding process directly addresses both of these issues. Any worthwhile digital adoption strategy needs to assist and dir

Build your first Welcome Message

Why Welcome message? Welcome message has a great impact on how users perceive your application - you can set up a very friendly and human tone of conversation. On top of that - it is really easy to create one with Usetiful! Benefits: Introduce your product from human perspective and let users know you appreciate them Activate your users with call-to-action  Get your Usetiful ready for more complex opportunities Build the modal In the Overview menu, click on " Add tour " Tour name - Give your Welcome message a name so you can find it later Let's keep it simple - page targeting should remain "All pages", trigger should remain to "Launch automatically". You can change these settings anytime later. Click " Continue ". Usetiful creates the first example modal for you. Click inside of the modal and update the content! Pro tip: Include pictures or video! Buttons - your call to action Usetiful allows you to set up actio

User onboarding best practices

" You will never get a second chance to make a first impression. " When people see your product or your new feature for the first time, the success depends on the first impression.