Preparing for GDPR – Time to get a plan in place?
Counting down to the GDPR deadline - 25th May 2018
With twelve months until the GDPR (General Data Protection Regulation) guidelines begin falling into place, European contact centres are considering how the latest changes are going to impact the way that they protect and handle data collected through customer communications. The legislation will cover all areas of consumer data, and includes a host of penalties for people who fail to comply, meaning new financial implications for businesses.
Contact centres are beginning to focus on PCI DSS solutions for compliance, and addressing the new spotlight on payment security. After all, it’s important to make sure that a customer’s data is protected to ensure their ongoing business and trust. Here, we’ll cover some of the elements of GDPR that you should be aware of.
The General Data Protection Regulation will come into force on the 25th of May 2018 and will outline the next steps for a digital market, repealing the existing Data Protection Directive. It brings new compliance obligations for processors and data collectors, including:
- Breaches, Consent and Subject Rights: The GDPR hopes to improve the rights of individual data subjects, covering correction of, access to, and objections to the use of personal data. Consent given by subjects must now be simple and explicit in the case of sensitive data. What’s more, the DPA will need to be informed of any breach within 72 hours when possible
- Financial penalties: Fines will now be imposed for certain infringements, of up to either 4% of the data collector’s annual worldwide turnover or a set amount of 20 million euros
- Privacy and Accountability: Those responsible for controlling data must show their compliance by holding documentation, and conducting data protection assessments for high-risk processing solutions
- Data processing: Processing records must be recorded on paper, and a trained protection officer must watch over operations where possible
- BCR: The GDPR follows a gold standard BCR for processors and controllers who need to authenticate intra-group international data solutions. BCRs must be addressed by all employees participating in intra-group procedures
Getting Ready for the Deadline
Now that time is running out, it’s important to look at your business and make sure that you take steps to get ready for the deadline. With the coming GDPR in mind, remember to:
- Plan for security breaches with a clear framework of key policies
- Establish an accountability framework so that staff is constantly monitoring data and reviewing high-risk issues
- Get a competitive advantage by making sure that privacy is embedded into your processing systems
- Analyse personal data use, and make sure that your current documents and processes are well-informed and clear
- Check policies and privacy notes and ensure that they’re in a clear, accessible format
- Know your obligations and put your customers’ minds at rest by implementing modern regulations
Remember, the GDPR comes into force on the 25th May 2018. Don’t get caught out: start your preparations as soon as possible.
UC & Contact Centre Vendors
We’ve spoken to a number of unified communications and contact centre vendors recently, and many do not have a firm position on whether their products are (or will be) GDPR compliant. If you’re a reseller or channel partner, we recommend starting some early discussions with your suppliers to ensure you can answer the questions you’re going to receive from existing and prospective customers.