GDPR: Not a Scary Regulation, but an Opportunity for Customer Services

There is no denying that we live in the age of customer choice. Due to increasing technological innovation, as well as legislation encouraging competition (such as PSD2 in the finance industry), we are surrounded by a multitude of services and products. It has never been easier to switch to a service, provider or product than ever before.

A new piece of legislation, to be implemented on 25 May 2018, that will give even more power to the consumer is the General Data Protection Regulation (GDPR) that will replace the UK Data Protection Act 1998 (DPA). As much as GDPR may seem as a scary regulation with huge financial penalties for non-compliance or breaches, it should not be seen as a threat to businesses, but rather it should be embraced with the aim of delivering excellent customer service.

Just look at the main points of the Information Commissioner’s Office (ICO) GDPR overview. Customer consent, individual’s rights, privacy information, legal basis for processing personal data, subject access requests – these are all giving power to the consumer.

So, how can my customer services team take advantage of GDPR to improve their service?

Audit & Aims

First things first. Following the initial full audit by the company’s assigned Data Protection Officer, he or she should meet with the customer service team to go over the key GDPR points and how it will affect their operations and how they handle clients and their requests. It could be useful to draw up a list of aims for how the team can make best use of GDPR and remain compliant at the same time. These could be:

Handling customer requests

A major part of GDPR is subject access requests. This means that preparation is needed for the team to be able to handle these requests compliantly. Customers will have the right to access any of their own personal data that a business holds about them. This request will have to be complied with within a month and businesses will no longer be able to charge for the data. Training will be necessary for the call centre to be able to determine whether this a legitimate subject access request or a “manifestly unfounded or excessive request” (the latter allows businesses to charge a fee) as stated by the GDPR.

Practice makes perfect

We can’t predict the future, but one can assume that customer requests will only increase. Subject access requests will be only one part. Under the GDPR, individuals will legally have the right to have any inaccuracies regarding their data corrected, to have any information on them erased under the “right to be forgotten”, to prevent direct marketing, prevent automated decision-making, profiling and data portability.

Your customer services and call centre team will require training to understand what GDPR is and how such requests and calls should be handled. You don’t want to leave the call centre team to do their own thing and then find out after a few months that your company is not GDPR compliant. As they say, practice makes perfect. Training sessions with the team and practical trial runs could go a long way for your team and for the business as a whole. Being ready with all the information the customer is requesting should work positively on your customer satisfaction surveys.

Adjust your language and identify who you are talking to

A further major part of GDPR is that when asking for consent or communicating privacy information, it has to be written in easy-to-read and clear language. The privacy information also has to include the company’s data retention periods and an explanation that all individuals have the right to complain to the ICO. If your business or organisation is collecting information about children, then your privacy notice will have to be written in language understandable by children.

Consent will always have to be given by parents or guardians for children, and this will need to be recorded.

It is, therefore, vital to understand who is calling and what kind of customer it is. The language has to be appropriately adjusted, especially if the caller is underage, a parent or guardian. Any communication with customers has to be clear, whether it is on the phone, by email or by live chat. With GDPR, however, there will be no excuses to not do so when communicating consent, privacy information or the company’s legal basis for processing personal data.

Summary

GDPR is a complex and important regulation that cannot be ignored. We are all in the same boat and have under a year to prepare for it. However, do not be intimidated by scaremongering articles and newsletters. There is plenty to do in regard to identifying where you are and where you want to go with GDPR. It doesn’t have to be scary, though, and you can make the best out of it, by:

• Doing your research and working closely with your company’s Data Protection Officer
• Setting out the aims of GDPR and applying them to your team’s work
• Training your team – practice makes perfect!
• Knowing who and how you are talking to customers.

Stewart Kitson is Head of Customer Service at SmartDebit.