Are Businesses Taking GDPR Seriously?
Rob Scott considers the possible impact of GDPR with business analytics experts Tollring
On the 25th of May 2018, the General Data Protection Regulation (GDPR) emerged, legally preventing marketers and companies from collecting and storing EU customer data without “explicit” consent.
GDPR presented a significant challenge to many organisations who were unprepared to transform their entire data strategy in time for the deadline. According to research by Dimensional Research and TrustArc, a few weeks after the legislation went into effect, only 20% of companies believed that they were “fully compliant,” though a little over 50% were implementing new strategies.
So, if so many people are bewildered by GDPR, where’s the evidence that businesses are taking it seriously, and why haven’t we seen more fines being handed out? Well, the simple answer is that the storms are coming. Litigation has already begun with larger companies like Google and Facebook – businesses potentially facing fines worth billions of dollars. At the same time, various crowdsourcing initiatives are creating their own privacy class actions. It seems that GDPR could be as serious as we thought after all.
How Is the World Responding to GDPR?
Though GDPR was created explicitly for the EU market, many companies have decided to apply the rules on a global basis. Some world-wide companies feel that GDPR standards are a great way to boost their reputation from a PR perspective, while others are simply concerned about protecting conversations with EU customers.
From a general perspective, the main thing that’s changing right now is the world’s knowledge of privacy and security. Even in the lead-up to GDPR, many companies had very little knowledge of what they were preparing for, and how the regulations would affect them. Consumers were even less informed, with studies suggesting that 91% of Americans would consent to conditions without reading them first.
By forcing people to re-think about the way information is shared and stored online, GDPR has had at least one positive impact on the digital world.
How Are People Dealing with GDPR?
The biggest impact that GDPR has had is on the unprecedented levels of awareness and transparency in the industry. The purpose of the regulation was to ensure that people had more control over their data, and in that regard, it’s been successful. More people than ever before are making complaints regarding privacy according to the latest reports.
The CNIL agency in France recently reported a 64% increase in complaints, which it believes shows how much the EU customers have seized management of their rights with GDPR. Additionally, the UK Information Commissioner Office reported that complaints had doubled since the new legislation had arrived.
So, what are businesses doing about this change? Not much. Recently, studies found that one in four companies have yet to fully implement a GDPR strategy, months after the deadline passed.
How are Comms Companies Responding to GDPR?
The biggest issue that most businesses have with GDPR is that they don’t fully understand how, where, and how much user data is being stored. Usually, information gets stored and siloed in systems that don’t connect, leaving businesses to search endlessly for the right information.
The good news is that some leading communication companies are taking the initiative with new campaigns and data protection programmes. RingCentral recently updated their data protection strategy with new protection standards, third-party audits and certifications. Similarly, companies like Avaya are looking for ways to help their channel partners meet their legal obligations regarding GDPR.
One of the Comms companies most prepared to help organisations adapt to GDPR is Tollring. Not only has the company’s strategy for preserving private data been a strong part of their product portfolio for years, but the organisation also has various certifications in place to ensure security. Tollring even provides call analytics and call recording solutions that are intended to give businesses more control over the information that they’re storing, so that they can adhere to the rules and regulations of GDPR, including explicit consent and right to be forgotten.
Tollring has a comprehensive strategy in place for GDPR, for both their on-premises and cloud solutions, featuring everything from comprehensive policy management to filterable audit reporting, extension archiving, definable call recording rules, and a complete compliance dashboard.
Not All Businesses are Thriving
Unfortunately, organisations like Tollring appear to be less common than they should be. Even though GDPR has been around for some time now, companies have struggled to keep up with such a large change to data management. Many end-user organisations like Marriott, Netflix, and Facebook have been overwhelmed by the number of data requests they receive every day. Reportedly, this issue has been exacerbated by the presence of issues like the Cambridge Analytica Scandal.
Rather than finding a solution to the GDPR problem, some businesses have even decided to avoid dealing with the issue altogether by suspending the services that they offer to EU customers. For instance, the USA Today publication only provides European readers a heavily edited version of their content, while the Chicago Tribune stopped access for EU users altogether.
For the most part, the businesses “shutting down” after GDPR are those that operate outside of the EU, who simply weren’t prepared for the change. However, there are internal companies that are struggling too, particularly those with legacy equipment to think about.
How Does Legacy Call Recording Relate to GDPR?
As mentioned above, businesses are struggling to find the data that they need to manage to become GDPR compliant – and nowhere is that more of a problem than with companies who have legacy call recording solutions on-premises. Businesses with on-premises equipment have a much harder time finding the data they need when a customer asks for it, but Tollring have introduced a compliance centre into their iCall Suite product which allows companies to manage policy rules, easily delete call recordings, access audit reporting and view key compliance metrics in a dashboard as necessary.
Tollring advocates that as well as these enhancements helping businesses directly, partners can also benefit by becoming the trusted experts on GDPR relating to call recording. As call recording applications have evolved in line with regulations, so has the opportunity to sell greater, more powerful and easier-to-use applications.
GDPR has significantly changed the balance between customers and the brands they work with. Now more, customers than ever are exercising their right to be forgotten, and organisations need to be prepared for that. Already, engineering departments are being asked to look for new ways to introduce “privacy by design” into the systems that they implement.
For many years, companies have ignored issues like PCI compliance, and they’ve recorded 3-digit numbers when taking credit card payments over the phone – despite the legal issues. GDPR takes the recording of personal data even more seriously, and businesses are only just starting to see the effects.
Even if we haven’t seen a lot of fines being issued yet, enforcement is coming. There’s been something of a quiet lull up until now, but it’s taken time for official companies to hire and train the staff that can respond to non-action. The Irish DPA had at least 100 job openings waiting to be filled in May. It seems that we’ll begin to see the impact of this new regulation in full force very soon.