In many organisations, protection of consumer data is treated as an afterthought rather than being incorporated into the “DNA” of the systems and business processes. While some of this has to do with the difficulty of incorporating protection into legacy systems (and processes) and the added inconvenience of controlling access to and troubleshooting systems, most of it has to do with economics.
Under most countries' legislation, it's far easier and more economical to ignore or negotiate out-of-court settlements than it is to prevent them in the first place. What makes this even less favourable to consumers is the lack of protection afforded by archaic legislation designed for an offline world. In most countries, legislation has simply failed to keep up with the demands and problems of the always-connected online world of the 21st century.
General Data Protection Regulation (GDPR) is a new data privacy law introduced in Europe, which will become effective on May 25, 2018. GDPR enforces stronger protections for personally identifiable data that is collected, processed and stored by business entities.
It does this by levying heavy penalties on organisations that fail to protect consumer data, of up to 20 million euros or 4% of total worldwide annual turnover.
Any organisation that receives and processes information about EU citizens will have to now comply with GDPR guidelines. With the contact centre industry being highly data intensive, GDPR is undoubtedly going to change the way contact centres work.
GDPR Effect on Call Center Organizations
Are you leading a contact centre organization and unsure how the new GDPR law will affect your industry? One of the core reasons why you should be worried about GDPR compliance is the extent of penalty attached to non-compliance. As per Paul Cunningham: The size of fines for data breaches can be up to €20 million or 4% of annual worldwide turnover for the previous year (whichever is highest).
Post-GDPR, your organisation will have to justify simple processes such as recording customer calls as falling under one of the following categories:
- You have the consent of people involved in the call
- Recording is essential for contract fulfilment
- Recording is crucial for a legal requirement
- Recording protects the interests of one or more participants
- Recording is in the interest of the public or essential for the exercise of official authority
- Recording is in the interests of the recorder
Let us understand the impact of GDPR on your contact centre:
Reviewing Data Storage and Accessibility
GDPR asks contact centers to go beyond card data and safeguard all personal customer and employee data, which is termed personally identifiable information (PII). Additionally, GDPR requirements include the right of customers “to be forgotten,” security around data transfer, data visibility control/authorization and access to data. Hence, contact centers need to examine where their data is located, how relevant it is and who can access it. As a part of GDPR compliance, a Privacy Impact Assessment (PIA) is mandatory for controllers processing large chunks of sensitive data.
Make it easy for customers to access their data
Contact centers will have to upgrade their existing systems and infrastructure to provide customers with better control over their data including the right to allow or block access to their data. GDPR requires stringent data transfer and authorization policies in place to control customer data visibility.
Look beyond basic GDPR Compliance
It may be easy to focus one’s attention on the potential penalties of GDPR non-compliance and then ensure only minimal compliance, but we do not recommend this approach at all. As a contact centre, you should see GDPR as an opportunity to get your data in order and create a relationship that extends throughout the customer lifetime. Organizations like Sayint see GDPR as an option to differentiate themselves from competitors.
Deleting Customer Data on Request
In addition to higher standards for data consent, GDPR also empowers customers with a right to ask companies to delete their data on request. Hence, every contact centre must meticulously organise customer data, knowing where data is stored and how it is used, so that the organisation can quickly locate and delete such data upon request. Technology will play a key role in ensuring higher compliance.
Now that you understand GDPR and its implications for your organization, we have a more straightforward way for you to stay ahead on GDPR compliance.
How can Sayint Help You Stay GDPR Compliant?
When you are relying on Sayint for your contact centre analytics, you can rest assured that you are GDPR compliant.
Help Increase GDPR Compliance: Sayint’s speech analytics privacy-by-design approach can help increase your GDPR compliance. By extracting insights from conversations and categorizing them, Sayint’s speech analytics can flag calls that require GDPR compliance and can maintain access controls based on your organization hierarchy and time frame.
Consider the following stages of customer call data for a hypothetical phone call to book a holiday with a travel company.
- Prospective customers may call to inquire about a holiday package
- The sales agents may be able to convert some enquiries into bookings
- Post-sales, there may be calls to customer support
- Bookings may have to be audited for fraud and quality control
- Post holiday, there could be calls to the legal team
In each of the above stages, different teams may require access to the data during different periods. In the case of non-converted inquiry calls, there are no contractual obligations to retain calls. Unless there is a business case, privacy by design would ideally require those calls to be automatically deleted or at least automatically flagged for deletion. Post sales, quality and audit teams would require access to calls immediately for a limited time. Customer support would probably require access to calls until the end of the holiday. Finally, the legal team may require access to calls even post the holiday and until contractual obligations end.
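The staged access described above can be expressed as a deny-by-default policy with one expiry date per team. The sketch below is an added example, not Sayint's code: the function names, the 30-day review window (the text only says "a limited time") and the sample dates are all assumptions.

```python
from datetime import date, timedelta

# Assumption: the text says only "a limited time"; 30 days is a placeholder.
REVIEW_WINDOW = timedelta(days=30)

def access_windows(call_date, converted, holiday_end=None, contract_end=None):
    """Map each team to the last day it may open this call recording."""
    if not converted:
        # Non-converted inquiry: no contractual reason to retain, no windows.
        return {}
    review_end = call_date + REVIEW_WINDOW
    windows = {
        "quality": review_end,
        "audit": review_end,
        "support": holiday_end,   # until the end of the holiday
        "legal": contract_end,    # until contractual obligations end
    }
    # A team with no known end date gets no window rather than open access.
    return {team: end for team, end in windows.items() if end is not None}

def can_access(team, today, windows):
    """Deny by default: unknown teams and expired windows get no access."""
    last_day = windows.get(team)
    return last_day is not None and today <= last_day

def flag_for_deletion(today, windows, business_case=False):
    """True once no team has a live window and no business case is recorded."""
    if business_case:
        return False
    return all(today > last_day for last_day in windows.values())

# Constructed sample data: one booking call and one inquiry that did not convert.
BOOKING = access_windows(date(2018, 6, 1), True,
                         holiday_end=date(2018, 8, 15),
                         contract_end=date(2019, 8, 15))
INQUIRY = access_windows(date(2018, 6, 1), False)

if __name__ == "__main__":
    for team in ("quality", "support", "legal", "sales"):
        print(team, can_access(team, date(2018, 7, 10), BOOKING))
    print("delete inquiry:", flag_for_deletion(date(2018, 6, 2), INQUIRY))
```
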
Auditing Customer Data
At Sayint, our latest technology and Artificial Intelligence systems track the origin and use of data to the maximum extent possible. Business processes and systems within Sayint are well connected, and the solution ensures that the flow of customer data is traceable.
Modify or delete data
In the event that your customer requests details of their data, and its possible modification or deletion, Sayint analytics will help you deal with the request with 100% accuracy and quick turnaround time.
Ensure GDPR Compliance
With Sayint Analytics, you can make it easier for your customers to view and modify their stored data, and hence stay GDPR compliant. We help you in privacy impact assessment (PIA) activities to ensure that you are always up to the mark!
GDPR compliance is necessarily an ongoing process and cannot be achieved with a one-time investment. Hence, as a contact centre organization, forming a dedicated team for GDPR and choosing an advanced technology partner for data management is a smart strategy.