What Is GDPR And How Does It Affect Call Centers?

What Does GDPR Stand For?

GDPR stands for General Data Protection Regulation. It is a new legislation introduced by the European Union that requires businesses to protect the personal data and privacy of European Union citizens throughout the world.

Its objective is to integrate the flow of data between all member states and strengthen the rights of EU citizens over their data that is held and processed by organizations.

Whom Does GDPR Apply To?

The GDPR laws apply to any organization/company that stores and processes the personal data of EU citizens, irrespective of their location in the EU member state.

That is an organization that deals with the data of EU citizens in any way, wherever they are in the world, must abide by the GDPR rules.

Organizations are subject to GDPR if:

#1 They have a presence in an EU member state

#2 If the organization deals with EU citizens data (even if it is not located in the EU)

What Data is Secured Under GDPR?

GDPR protects EU citizens’ data, data that can be used to identify a person, such as a name, address, date of birth, and/or social security number.

Also, it includes web-based data, such as user location, IP addresses, and cookies.

What Does This Mean for Contact Center Industry?

The new legislation (GDPR) has brought upon significant changes for all call centers and businesses.

Below is a GDPR checklist for call centers. The following points must be kept in mind to make sure that the call centers abide by the rules –

1) Create Awareness About Data Protection

Now the point to note down here is that GDPR applies to everyone in the company, so everyone must be made aware of the importance of the new legislation. Organizations must create a team that will look after the GDPR implementation.

The team must also keep track of customer data and review how it is collected, stored, and processed. Companies can also appoint an officer or supervisor to look exclusively at Data Protection. He/She must also be responsible for mentoring employees on how to implement GDPR.

2) Companies Will Have to Justify Call Recording in One Of The Six Ways, That Are:

One of the significant changes that come with the implementation of GDPR is that businesses must give a valid justification for their need to record the calls.

Businesses must fulfill one of the following reasons to record the calls-

• Consent/Permission has been taken from the people involved in the call, to record their calls.
• Call Recording is mandatory for the fulfillment of the contract.
• Call Recording is necessary in order to fulfill a legal requirement.
• Recording is important to preserve the interests of one or more participants in the call.
• Recording is in public interest.
• Recording is in the legitimate interests of the recorder unless those interests are overridden by the interests of the participants in the call.

Call centers will have to work towards gaining the consent of customers so that they can record the call and provide a legitimate reason for recording.

3) Companies Will Have to Monitor Outsourcing

GDPR creates an immediate need for contact center supervisors and managers to understand the new legislation completely.

Companies that choose to outsource their call centers must keep in mind that call centers are the “Data Controllers.”

Thus, companies must check that their respective service providers use systems and processes that comply with the GDPR.

That is, the software used must be GDPR compliant.

4) Review Data Storage and Accessibility

Contact centers will have to secure all personal customer information and employee data as described in GDPR as Personally Identifiable Information (PII).

They must make provisions to include the right for customers to be forgotten, transfer the data, and access to any registered data. Therefore, call centers will have to look at data storage and how can it be accessible.

5) Companies Will Have to Notify Customers About Data Breaches

According to Wikipedia, Data breach refers to a security incident that involves the intentional or unintentional release of confidential/private information to an untrusted environment.

Under the GDPR compliance rule, organizations will have to report about data breaches to the concerned authorities and the affected individual within 72 hours. Therefore, organizations must have appropriate tools and techniques to detect and report data breaches.

6) Customers Will Have the Power to Get Their Personal Data Deleted

A significant advantage that GDPR will provide to the customers is that it will give them the authority to get their data deleted from the companies that have their personal information.

Companies will have to do things like performing an audit, maintaining a history of recordings, and keeping track of details on those recordings. The contact center should be able to delete the customer information in the future, upon request.

For this, organizations need to be technically equipped and develop multichannel communication platforms.

7) Ensure That Customers Can Easily Access Their Personal Data

Under the new GDPR guidelines, customers will have the authority to access their registered data in a Structured Digital Format. Also, organizations must make it convenient for the customers to access the data held about them.

By giving the provision to customers to access and alter their own data, companies can build trust and gain public confidence. The GDPR rule will let the customer be flexible with their own information and have access to it whenever they want.

How Will GDPR Affect Call Recording?

Call recording is the most common call center practice. But with the new GDPR compliance rules, companies will have to adhere to the recording according to the new parameters.

Since voice files are considered personal data, with GDPR in force, call centers will have to stick to the following rules

• Customers involved in calls have given their permission for their call to be recorded (consent should be received as a message during the call)
• The recording is in public interest
• Recording is needed to fulfill a legal obligation.

GDPR demands transparency from the organizations and puts customers before anyone else. It will bring a significant reform in the world of business and will ensure complete data privacy for the customers.