As a result, it’s had a significant impact on the contact centre industry, as well as other organisations that outsource their customer services operations to them.
Under the rules, non-compliance can lead to a heavy fine of up to €20 million or 4% of annual global turnover (whichever is higher), so ignoring the problem is simply not an option.
Furthermore, according to a March 2017 survey of IT decision makers by Crown Records Management, 44% of UK companies believe that GDPR will not apply to UK business because of Brexit. This is not the case! GDPR does apply to UK business, and the UK Government is likely to implement similar rules following Brexit.
So what impact has it had on the contact centre industry? One of the key requirements of GDPR is the recording and storage of telephone calls and text-based communications, such as chat or email.
Previously, data protection requirements were narrowly defined, but GDPR significantly expanded that remit to include any data that can be used to identify a person, either on its own or in combination with other data.
Put simply, GDPR defines personal data as anything that “directly or indirectly identifies or makes a data subject identifiable.” This can include name, address, date of birth, phone numbers, IP addresses, and, of course, healthcare and financial information, meaning that in all likelihood organisations will need to record and store all communications.
Furthermore, businesses need to be able to recall any of this information on request, which must be provided without delay and at the latest within 1 month. They must also be able to delete data if requested by the customer, or on expiry of any relevant timeframe as defined by any contract or agreed terms and conditions – known as ‘the right to be forgotten’.
Importantly, even before any data is recorded, processed or stored, organisations must have formal consent from the consumer or citizen. This may be given orally at the start of the call, or in writing at the start of a chat or text-based communication, or may be tied into a contract or T&Cs.
Either way, it has to be explicitly granted by the consumer – ‘Opt in’, rather than ‘Opt out’ – and has had a significant impact on contact centre communications policies across all channels.
Data breaches are also subject to greater control under GDPR, with notification required within 72 hours, apart from two notable exceptions: if the breach has no impact on the consumers involved; or under “exceptional circumstances”.
Clearly this represents a significant challenge for contact centres and all organisations that outsource these operations to a third party. What’s the solution?
Touch Call Recording Service is a complete, multi-channel, cloud-hosted service for contact centres and customer care, providing secure recording and storage of over 35 voice and data communications channels, including fixed and mobile voice calls, as well as text, Skype and other enterprise-based communication platforms.
Furthermore, our easy-to-use web interface offers advanced search and retrieval capabilities, with restricted access rights and permission levels. Call recordings and data communications are searchable by time, telephone number and name, providing a simple, efficient solution to consumer requests for their personal data.
At the same time, communications are completely secure: all data is encrypted via a two-stage model that complies with ETSI TR 102 661 – AES256 encryption applies unique keys for each file, which is then further encrypted with RSA2048. Data is also mirrored across two geographical sites, providing disaster recovery reassurance.
We have over a decade of experience working with financial firms throughout Europe, helping them to meet stringent MiFID rules. Our service is fully GDPR-compliant, and can quickly, easily and cost-effectively remove the stress of meeting the incoming rules. What are you waiting for? Get in touch now to find out how we can help you maintain GDPR compliance.
GDPR: Active Consent. What does it mean to you?
The General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and impacts any organisation that either controls or processes the personal data of customers and citizens. Those that fail to comply or suffer data breaches can now be hit with a fine of up to €50 million (or 4% of annual turnover, whichever is higher).
What is GDPR and why should you pay attention to it?
The General Data Protection Regulation (more commonly referred to as ‘GDPR’) is the new EU-wide legislation intended to give consumers and citizens more control over how their personal data is used, and bring legislation up-to-date to meet advances in technology and new ways of exploiting data.