Countdown to GDPR – Everything You Need to Know to Protect your Call Centre
The General Data Protection Regulation (GDPR) is set to hit some on 25 May 2018 – and the weight of it’s importance is on the shoulders of contact centres nationwide.
The rules leave little room for leniency, as lawyers get set for tighter and safer data protection than we’ve known before, and it is a case of “do or die” to be ready for its implementation in just under a year’s time. There are steps you can take to ensure you are ready for GDPR in the contact centre, and in fact, even embrace it.
What exactly is GDPR?
Put bluntly, it’s a regulation by European Parliament set out improve data protection, coming down hard on companies which hoard information for profit. The primary objectives are to provide the public with better control with their personal information, whilst giving out hefty fines to businesses (and contact centres) which fail to comply with the revised legislation. Any company that takes sensitive data over the telephone needs to be clued up on the legislation in order to be protected.
Brexit won’t Save You
Perhaps the most widely asked question in the UK – what about Brexit? Politics is turbulent at the moment, and many of us are still holding onto our seats and waiting for it all to blow over, but one thing is for certain – wherever and however we land, GDPR will be waiting. Whether your contact centre is in Brussels or Birmingham, you must take it equally seriously to avoid landing in hot water later. In the words of the UK Information Commissioner’s Office, “for many organisations nothing will change. The GDPR will apply even when we leave”.
It’s More than Just Hefty Fines
On top of fines, companies could even be ordered to pay customer damages in the event of data theft, data loss, or any damages that find your company liable under the new laws. Breaching data protection laws could be the end of the line for your contact centre, if you end up faced with huge legal bills. Even if you can afford to pay them, the damage to your reputation could be the final blow to kill of the business you’ve worked so hard for. It’s simply worth it to take the steps to make sure you never end up in such a position.
Just How Big are the Data Protection Changes?
For some insight, part of the legislation states that:
Personal data must be “given freely”, rather than under the duress of not being able to use or access certain services.
Data has to be requested in clear and plain language that can not be construed as an obligation/condition for service
Any personal data you hold has been collected after obtaining consent that was explicit, rather than implied.
You will have an obligation to perform data erasure in response to individuals’ exercise of their “right to be forgotten” – that is, the right to withdraw their consent to your storing or using their personal data and to request their data be deleted.
Individuals have to be able to see their own data, to release a copy of any data you hold about them in a commonly readable format, so they can exercise the right to data portability – meaning they can transfer personal data from one service provider to another.
Any serious breaches have to be declared to the relevant data protection authorities within 72 hours, in the UK it’s the Information Commissioner’s Office
Section 4 of the GDPR states that some firms may applicable to appoint a data protection officer, often larger companies or those which handle large amounts of customer data. A DPO must be appointed, for example, if the processing is carried out by a public authority or body, with an exception for courts acting in their judicial capacity.
Remember, the Overall Goal is to Protect your Customers
The GDPR is looming and it’s easy to feel the heat of it as the time gets closer, but it’s important to remember its primary purpose. Of course, there are lawyers looking sniff out breaches and it’s important to be a few steps ahead, but ultimately the purpose is to keep your customers safe and in a position in which they are treated fairly. As it stands now, contact centres know the importance of, for example, keeping card data safe. The new GDPR will require contact centres acknowledge that all PII (Personally Identifiable Information) including names, addresses, account balances and passwords are treated in the same manner.
Bringing your Business up to speed with Technology
A top tip from PMC Telecom is to use this opportunity to bring your business up to speed with integrating the way your staff communicate with customers or other agencies – and the CRM you are using. 2 things that can help with this:
If you are wanting to keep costs low, you can look into some simple answering machine & call recording solutions – even a multipack of wireless dect phones can be configured to do efficient call recording at a fraction of the price of a full system. This would be ideal for a small business such as a dental practice or a therapist studio
Invest in a Hosted VoIP solution, The cost is higher, but it’s really well suited to larger businesses looking to integrate all communication channels into a watertight CRM ensuring you are miles ahead of any GDPR implications
Additional Information
Kirsty Rigg is Marketing Manager at PMC Telecom – Email
For additional information on PMC Telecom visit their Website
GDPR – Date made 27 April 2016
Implementation date 25 May 2018