What Is DPA?
DPA stands for Data Protection Act. It is a law in the UK.
There are actually two Data Protection Acts. The original Data Protection Act was brought in in 1998 and updated in the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (GDPR).
DPA has a number of provisions that relate to call centres.
The most important provisions are:
- You must keep customers’ data secure
- Data can only be secured for a ‘reasonable’ period of time so that call centres have to periodically trim their records.
- You cannot sell on or transfer a customer’s data without their permission.
- The customer has a right not to have their data stored in the contact centre.
- Customers are able to ask for all of the information that you hold on them – without charge. This includes call recordings.
You Need to Make Sure You Are Speaking to the Right Person
The trigger point is normally at the moment when the caller requests personal information, such as an account balance or change of address.
This is personal information and should not be given to a third party without their approval. At this moment you need to be sure that you are speaking to the right person and so would need to validate them.
If they are just calling up for general advice, such as what are your charges, travel times etc, then you would not need to validate them unless it only applied to their specific case.
The term DPA often refers to GDPR (the General Data Protection Regulation), which was an EU-originated piece of legislation.
The key provision is that customers are able to ask for all of the information that you hold on them – without charge. This includes call recordings.
“The customer asked for a DPA”. i.e. the customer asked for their records or call recordings to be sent to them.