By: Aimee Clifton
Share This Post
How prepared is your contact centre for the new GDPR legislation?
Since parliament voted to implement the new data protection law – the General Data Protection Regulation (GDPR) – companies are frantically trying to get to grips with the new changes to ensure the necessary processes and procedures are in place to enable compliance.
The new legislation will affect every entity that holds or processes European personal data both inside and outside of Europe.
With the new law taking effect from 25 th May 2018, there’s little time to ensure your business is fully able to adhere, and with non-compliance attracting fines of up to €20 million or 4 per cent of global turnover, there’s certainly a lot at stake.
Why are these changes happening and what do they mean?
The EU’s GDPR website states the new legislation is intended to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. With the ongoing technological evolution, the new legislation will address the need to embrace tighter security processes to adequately protect customer data on a variety of newly available platforms, such as cloud based programmes and software.
Is my business at risk?
Contact centres typically store large amounts of sensitive customer data, which can often make them key targets for cyberattacks. Although being a key target doesn’t necessary indicate vulnerability if adequate security measures are in place, but it does mean your business will need to take the necessary steps to process customer data fairly and consistent with the new legislation. Investment in sound IT infrastructure and stringent security policies and practices are imperative to protecting your organisation and should be integrated fully to comply with the new legislation.
How can I prepare?
The good news is that if your business presently complies with the current Date Protection Act (DPA) you’re already in good stead to be compliant with GDPR, as many of the principles are the same. However, there are significant changes that require you to take action, and with heavy fines in place for noncompliance, it’s imperative to anticipate how you’re going to make these necessary changes.
A sensible starting point would be to go through the Information Commissioner’s Office (ICO) list of guidelines and advice to enable you to cover all the relevant areas relating to your practices. You can find the guidance here.
It’s also worth considering that while it’s not a mandatory requirement to have a Data Protection Officer (DPO) in place (unless you’re a certain type of business who processes large amounts of sensitive data for instance) it may still be beneficial to have one in place to ensure execution and maintenance of any changes your business is faced with. For example, under the GDPR, any person can now make a Subject Access Request (SAR) free of charge, which must be granted within one month.
Because this service is chargeable under the current DPA, businesses may see a sharp increase in the volume of request, so you’d need to ensure you have the allocated resources in place to cope with situations like this. There’s lots of sources and information out there to help your business prepare for the big change, but if you’re keen to not have to deal with the risks attached and want to work with a partner that looks after all of this for you then we are here to help.
Here at EC we are making huge investments in people, technology and process ahead of the changes. If you have a need to increase sales, acquire new customers or improve your relationship with your customers, EC can assure a bespoke and compliant campaign that works for you. Get in touch to find out more.
For full information about GDPR and how it could affect your business, see www.eugdpr.org