As long as a consumer is a citizen of the European Union, all vendors are expected to adhere to the requirements of the new legislation. As a result, this sweeping regulation will have a ripple effect across the entire global marketplace, affecting all commercial services and products that are sold to any individual with EU citizenship. All to say, any contact center that is either based in the EU, or dealing with EU consumers, will need to comply with the new standards.
The EU defines “personal data” as “any information relating to an identified or identifiable natural person.” Therefore, companies should work under the assumption that any and all data that can be related back to any individual consumer should be protected. Penalties are significant, so call centers should ensure that their company has up-to-date work practices and infrastructure to comply with the new standards.
GPDR demands a more active role from consumers when giving consent. Consumers will be required to actively “opt in” when giving companies permission to access their personal data, in contrast to previous practices that allowed companies to assume an “opt in” policy automatically, which left the consumer with the responsibility to “opt out”. In the context of a contact center, this may require a question at the beginning of phone conversations to confirm that all permissions to use and access personal information, as well as recording the call, have been granted.
When a data breach occurs, companies have only 72 hours under the GPDR to notify the supervising authority. This means that companies should have a plan ready for the worst case scenario, i.e. a full on data breach. Therefore, businesses need the technological resources to summon the contacts of all of the consumers in the database, as well as potentially having a backup of the entire database readily available in case the original is corrupted or ransomed.
Companies are expected to collect only the information that they need and nothing more. In the past, businesses were encouraged to collect as much personal information as possible in the hope that it might one day become valuable. Under GDPR, however, the storage of personal information can be more of a liability than a benefit given the significant penalties that can result from a data hack or the mishandling of data. Using software like LeadDesk, which are tailored to German data requirements that are even more stringent than GPDR, contact centers can position themselves to tackle these challenges with sophistication.