Call now 0114 2096120

News & Publications

GDPR – What’s Happened So Far?

11.01.19
GDPR Compliance Checklist - How is your Contact Cenre doing?

GDPR – What’s Happened So Far?

GDPR has been the biggest new change in data regulation to hit the industry… So, what has the impact been on outbound Contact Centres? We talk to industry insiders for an honest view.

By Phil Kitchen, Director, the Contact Centre Panel

When the General Data Protection Regulation was implemented in May 2018, it was the single biggest change in Data Privacy laws across the European Union. Whatever the post-Brexit future holds for business, the effects of GDPR will continue to be felt into 2019 and well beyond.

With their reliance on personal data for outbound calling, there’s no doubt that Contact Centres and the Brands that use them have had to take GDPR very seriously. If the threat of severe financial penalties for non-compliance wasn’t enough of an incentive, the reputational damage of failing to meet the regulation’s requirements in a very competitive industry have weighed very heavily on many Board’s minds!

How Did Contact Centres Prepare for GDPR?

We spoke with some of our contacts in the Contact Centre industry to take a look back at the year when GDPR was implemented, and to ask some pertinent questions about how it’s impacted their operations. Troy Attwood is CEO of Rendham Marketing Services, a provider of high value lead generation services who hold registrations and accreditations from the Financial Conduct Authority (FCA), Ministry of Justice (MOJ), Direct Marketing Association (DMA) in addition to their GDPR obligations. So if anyone should know about data compliance, it’s Troy. Another of our experts, Matt Marshall is Sales Director of ResQ, a business founded to combine the best of Outbound and Customer Service which has longstanding partnerships with major brand names and boasts full compliance with Ofcom’s new outbound calling regulations (which we wrote about in this article). We asked them both about their preparations for GDPR implementation.

Troy of Rendham begins: “We began preparing two years before GDPR’s implementation date by making sure we kept abreast of plans for the new regulations. Obtaining and recording Permissions from the people in our outbound lead generation databases is a huge part of our business so we’d already invested a lot of effort in making sure we worked to the best possible standard. So nothing significant needed to change from a process point of view. However, there were some changes needed – data storage for holding personal data, for example. No matter how confident we were in our processes, GDPR was always going to have some impacts on our routines so we had to remain vigilant and make sure we were always up to date with the plans.”

“We prepared for GDPR knowing that 90% of what would come into force would already be in place thanks to our FCA, MOJ and other accreditations, but the way compliance was documented was bound to change and this is an area where many businesses may still not be compliant even now.”

Matt Marshall of ResQ described their planning approach: “I’m sorry to say I’ve been around long enough to remember all the planning that went into Y2k projects! That was another example of how thorough preparation enabled some huge businesses to cope with potentially enormous changes. At ResQ we put a GDPR committee together which met fortnightly and reported to our main Board, so we took things very seriously.

“Meeting regularly as a group allowed us to assess the impacts of the regulation thoroughly and to make sure that we would be 100% compliant from the outset. As a result we were very comfortable with the regulations when they came into force. In some cases, Our clients have adopted ResQ’s approach, which is something we’re very proud of. We were also pleased that once GDPR came into force in May, there were absolutely no surprises.”

Has GDPR Caused Any Significant Business Disruptions?

Troy from Rendham speaks confidently about the impact of GDPR in his business: “No. Not for Rendham anyway! The main impact on our business has been the time we’ve invested with our clients to ensure that they’re protected from the risks and compliant in their use of the data that we provide. As their data supplier, we have to be confident in their processes and diligent about how they use the data.”

For ResQ, Matt addresses the fears about whether enough marketing data would be available once GDPR was in force: “There was speculation about the size of the prospect universe once GDPR’s regulations regarding permissions and storage of personal data became real. Thanks to some good preparation before May by a lot of organisations, I’m pleased to say that there are still sources of good data with full provenance of opt-ins, so this means we can be confident that our clients are able to respond confidently to access requests if and when they occur.

“In time, there may be some contraction in the overall size of the databases available, but this will be as a result of prospects being more aware of how their permissions are being used. Therefore, those prospects who give their permission to be contacted should be better quality prospects, which may help good outbound Contact Centres to work more efficiently as well as compliantly.”

Has GDPR Resulted In Mostly Positive, Or Negative Impacts For Your Business?

“At Rendham, GDPR has been a hugely positive opportunity” says Troy Attwood. “As a provider of leads with so many accreditations by major industry bodies, we are in a great position to demonstrate compliance and this puts us into a great position. However, there are some genuine risks. As much as we have excellent processes in place, we have to manage the risks very carefully. It could be possible for an offshore, unregulated Contact Centre to re-use data in a separate campaign or client relationship, for example. This would be a mis-use of the data and we have processes in place to avoid this happening. We have to be extremely diligent with our client and supplier relationships to maintain the highest levels of compliance, trust and care.”

Matt Marshall talks about the positive impacts of GDPR for good businesses: “We’re also seeing positive effects at ResQ. More stringent checks for compliance, including details about opt-ins, mean a better experience for customers. Outbound callers can use the data with confidence and respond quickly to questions from prospects. Prospects therefore feel more looked after and understand their own position better, which leads to more fulfilling conversations.

“In the longer term, GDPR should smarten the industry up as a whole, which is a huge positive for prospects, businesses and the industry.”

What Do You Expect The Longer Term Effect of GDPR To Be?

Although GDPR has only been in force for six months as this article is written, the future is already being planned by the better outbound operators. A future with more empowered prospects and better quality data is one which should be better not only for consumers, but for professionally-managed compliant Contact Centres and Data Suppliers. Whilst the industry may not yet be 100% compliant, tales of data breaches and misuse will continue to urge everyone to put their houses in order.

“Things will continue to improve,” says Troy. “In late 2018 there are probably many Contact Centre businesses who are not yet fully compliant, but the numbers will reduce over time and the industry will be a better place.

“Better quality data will mean less seats in Contact Centres on outbound calls, but will also mean better quality leads and more sales per hour. Thanks to GDPR this will be because of better, compliant, more timely data from more engaged consumers.

“Businesses who use outbound calling need to understand this and move from a position of seeking cheap leads towards seeking great leads.”

Troy’s comments are echoed by Matt from ResQ: “More consumer awareness of the increased powers they have as a result of GDPR will give them more confidence when they are contacted – they will be happier that the call is from a brand they have approved. The prospect universe may shrink, but better conversations and higher conversions will be the result.

“Consumers won’t be bombarded with irrelevant content, and there will also be increased personalisation of communications thanks to the outbound Contact Centre’s high confidence in the data quality.”

So, What Does This All Mean For Outbound Contact Centres?

Our conversations with people in the Contact Centre industry and with major clients reinforce the intention of GDPR: that the good Contact Centres have not suffered major business impacts as a result of GDPR’s implementation, and that their operations are actually becoming more efficient as a result. Yes, there has been work to do – this is inevitable with any big change in a regulatory framework – but fundamentally GDPR promotes good practise.

Six months after implementation, there will still be a minority of Contact Centres who are not 100% compliant but most are striving towards that requirement with serious intent and the industry will become better as a result. The consequences of non-compliance are potentially huge, so the incentive to comply is a large one.

Those Contact Centres who are not taking compliance seriously will now struggle to position themselves in the marketplace against the more stringent rules, leading to a situation where they’re forced to clean up, or move out!

At the Contact Centre Panel, we’re working with Steve Sullivan of Channel Doctors to profile our network of over 80 Contact Centres. An essential part of this process is a set of specific questions around adherence to GDPR, so the brands who use CCP can be assured that their chosen Contact Centre will have taken appropriate steps to become compliant.

Steve says that “Profiling the Contact Centre Panel’s network of Contact Centres ensures that GDPR compliance, among many other important factors, is assessed in advance which mitigates some of the more significant risks very early in the selection process, making sure that only the most appropriate providers are put forward for the brand to choose from.”

What Does GDPR Mean For Brands Using Outbound Contact?

For a brand, it will become more important to understand and value the ever-present concept of cost-per-hour versus quality. Setting criteria for choosing Contact Centres which focus on results and compliance, not just costs, should yield better results in shorter timescales. The best-equipped and best-prepared Outbound Contact Centres will already be using high quality data with up-to-date permissions and clear audit trails showing data provenance.

Consumer experiences should therefore be more favourable and Customer Service requirements should be reduced. After all, fully compliant personal data won’t result in high numbers of data queries.

At The Contact Centre Panel, it’s our job to make sure that Brands and businesses find the best Contact Centres to meet their complex needs. An in-depth knowledge of the sectors we work with, coupled with our rigorous selection process and network of over 80 outsourced Contact Centre providers, enables us to work with major brands and growing businesses alike to find the right partners. We offer a free, no-obligation assessment of your current Sales and Customer Service Contact provision, so just contact us by email or call 0114 209 6120 to talk about your needs. We won’t push: we will only help if you need it.

Keep In Touch

Follow CCP on LinkedIn for regular industry news and updates. It’s not all about us! Just look at our website’s News & Publications page for many more helpful articles.

To find out more about working with the perfect partner for your business, give us a call here at Contact Centre Panel on 0114 209 6120 or contact us using the form on our website.

Back to News

Contact us

We’re always looking for new people to do business with. So whether you’re a contact centre or looking for one, we’d love to hear from you.


  • 0114 2096120
  • info@contactcentrepanel.com

Contact Centre Panel,
The Portergate
227 Eccleshall Road
Sheffield
S11 8NX

  • Contact Centre Panel accreditation