Stay Safe: How to Protect Your Contact Center Under GDPR

*Phew* Can we sit down for a brief moment? We’re a little tired these days, fatigue borne of constantly staying in the know.

For those of us toiling away in the world of contact centers, staying educated and adapting our practices are our greatest and most crucial challenges. Not only are we clinging to the fast-moving coattails of technological shifts that send shock waves through our industry, but we are also scrambling to keep ourselves modern, current, and meeting the evolving needs of consumers. All the while, we’re working to become industry experts in (and make sense of) the standards, agreements, and laws that impact our customers, our contact centers, and our businesses.

Recently, we’ve all been trying to merrily roll alongside the Big Wheel of modern privacy laws: The General Data Protection Regulation (or as we’ve come to know and love it, GDPR). Our gift to you in these busy times is a breakdown of the whos, the hows, and the whats of this important new regulatory shift in data protection.

You’re welcome.

So, Uh, What Exactly is GDPR?

Good question! GDPR is a relatively new law dictating how data, personal and otherwise, is managed, processed, accessed, and deleted by companies that regularly gather it. According to Contact Centre Panel, this includes health data, information on political or organizational affiliations, and even biometric data.  As a contact center aficionado, you should know that this domain-shifting law affects all businesses working with data gained from consumers/clients/customers, and by any means. Facebook, Google, Apple and other institutions that thrive upon insights gained from personal data collection are certainly not immune and have taken strides to comply with this regulatory upheaval after facing increasing public scrutiny.

So far, GDPR largely applies to the European Union (EU) and is an upgrade from the Data Protection Directive of 1995 (which admittedly was lagging behind the digital times). GPDR gives consumers the ability to:

• Hold companies accountable for their data management;
• Request and gain prompt access to any of their personal data gathered by these companies;
• Request that their personal data be destroyed or removed; and
• Take control over their ‘private’ personal data in an online world.

Cool. So, How Does GDPR Impact Contact Centers?

Another good question. GDPR will have some significant impacts upon contact centers, but mostly in relation to how they manage their customers’ finer digital details:

• *Any* personal data that is mined and stored by contact centers must be made available to consumers if and when requested, in an accessible digital format, and for no charge whatsoever;
• Contact centers will face stricter rules for recording and archiving customer interactions; they must be able to justify that a recording is necessary either for contract fulfilment, legal requirement, or protection of a party’s interests;
• Consumers must explicitly consent to be recorded in any way, via any touchpoint; and
• Contact centers must take extra precautions in protecting the data they have stored (many data breaches occur online) from online ‘pirates.

What Can We Do to Meet GDPR Standards?

Another fine question. You’re on a roll! The best advice we can give you is to keep your finger on the pulse – meeting GDPR standards requires diligence and remaining ‘in the know’. Don’t forget: You are 100% accountable for mistakes, no matter how innocent or short-sighted, and these slip-ups could cost your business dearly. Protect yourself by:

• Hiring a GDPR consultant, a team of specialists, or appointing a designated ‘GDPR expert’ on your existing team;
• Devoting more time to building systems which better identify and shut down data breaches;
• Encrypting all data gathered from consumers to lessen the possibility of having that information hacked, stolen, and used in unlawful ways;
• Putting systems in place that can quickly recall data when consumers request it;
• Ensuring that consent options are available at every touchpoint of your contact center experience and that ‘opt-in’ language is understandable, reasonable, and GDPR compliant; and
• Remembering that all data gathered from consumers in the past is illegal to use.

Hopefully, that clears it up! To all contact centers, businesses, and your loyal customers: In this time of change, stay safe.