When the General Data Protection Regulation (GDPR) comes into effect next year, individuals will have more control over what businesses do with their data.
Companies who aren’t compliant, could face million pound fines. At The Contact Centre Panel, we are currently assessing our network to ensure our members are GDPR compliant.
Businesses must be GDPR compliant if they are involved in regular “processing” of certain categories of personal data – including collecting, storing and using data.
These categories include:
- health data
- racial or ethnic origin
- political affiliations
- religious beliefs
- genetic and biometric data
- sexual orientation
How to prepare your business for GDPR:
- Appoint a designated ‘expert’ Data Protection Officer in your business.
- Businesses must report theft or loss of personal data under their control to the national data protection authority within 72 hours.
- Consent must now be given before any data can be used – by users opting in to allowing it, rather than being given the option to opt out. Data previously gathered without meeting the new standards of consent can no longer legally be used.
How does GDPR affect contact centres?
- All information stored on a customer must be made available to them if requested.
- More than 60% of fraud originates over the phone, before developing further through digital methods.
- Contact centres are home to big volumes of valuable data, so you will have to be aware of your obligation to protect consumer data.
How Brexit will affect GDPR?
Contact centres have two choices:
- Comply with GDPR and retain their customer base.
- Disregard the new rules and stop serving the EU market (including the UK).
When does call recording comply with GDPR?
- the people involved in the call have given consent to be recorded
- recording is necessary for the fulfilment of a contract
- recording is necessary for fulfilling a legal requirement
- recording is necessary to protect the interests of one or more participants
- recording is in the public interest, or necessary for the exercise of official authority
- recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call