The new European General Data Protection Regulation (GDPR) will come into force on the 25th May 2018.
With all the confusion and noise around the threat of large fines for breaches of the Regulation, it is important to understand how GDPR can impact your contact centre operations.
Enghouse Interactive and city law firm Bristows LLP hosted a recent webinar to debunk GDPR myths, explain how the new law may affect businesses and contact centres to comply with the new GDPR Regulations.
The GDPR will affect all companies who do anything with personal data and who operate in the EU or have contact with individuals based in the EU.
Enghouse takes protection of personal data seriously and is actively working on alignment to and compliance with the upcoming GDPR legislation.
So, the company have summarised some key recommendations to assist you on your road to GDPR compliance.
Suggested Best Practice Approach to GDPR
Identify what customer data you process. Where is your customer data stored? Why is it being processed and how? Finally, understand your data flows across your business, partners or third parties.
Discovering where your customer data is stored and its accessibility can enable you to configure, amend and be visible across your systems.
Think about how your processes need to be able to allow individuals to exercise their rights under the GDPR.
Do you currently rely on consent from an individual when processing data? If you do, is that method of collecting consent still valid under GDPR?
If you use an alternative method to legitimise the processing of personal data, have you recorded that sufficiently? Consent must now be manually approved by the customer.
So, think about how you interact with your customer and how they could provide or deny consent, and be able to report on this capability.
For express consent, you could possibly apply the following to your multichannel activities:
IVR / Voice/ Video
Add an announcement up front in your IVR or your auto attendant that allows the customer to approve whether a call can be recorded or data stored by using the keypad. This ensures that you have allowed the customer to opt in for compliance.
Email / Live Chat
Use canned text to acknowledge that their data will be recorded, with an option for them to approve or deny permission.
The protection of a data subject’s rights sits right at the core of GDPR. Companies not only need to ensure they can provide this protection but they need to evidence it, too.
Do you have appropriate processes in place to ensure that you show you respect subject rights and that a data subject can enforce those rights when they choose to?
Technology Isn’t the Answer – Process Is
Remember, technology can help you manage and understand your data, but your policies and procedures need to be able to ensure your organisation complies with the GDPR principles and data subject rights.