Preparing for GDPR – Time to get a plan in place?

Counting down to the GDPR deadline - 25th May 2018

With twelve months until the GDPR (General Data Protection Regulation) guidelines begin falling into place, European contact centres are considering how the latest changes are going to impact the way that they protect and handle data collected through customer communications. The legislation will cover all areas of consumer data, and includes a host of penalties for people who fail to comply, meaning new financial implications for businesses.

Contact centres are beginning to focus on PCI DSS solutions for compliance, and addressing the new spotlight on payment security. After all, it’s important to make sure that a customer’s data is protected to ensure their ongoing business and trust. Here, we’ll cover some of the elements of GDPR that you should be aware of.

Introducing GDPR

The General Data Protection Regulation directive will come into force on the 25th of May 2018 and will outline the next steps for a digital market, repealing the existing Data Protection Directive. It will introduce new compliance obligations for processors and data collectors, including:

  • Breaches, Consent and Subject Rights: The GDPR hopes to improve the rights of individual subjects for data with corrections of, access to, and objectives for personal data. Consent given by subjects must now be simple and explicit in the case of sensitive data. What’s more, the DPA will need to be informed of any breach within 72 hours when possible
  • Financial penalties: Fines will now be imposed for certain infringements, of up to either 4% of the data collector’s annual worldwide turnover or a set amount of 20 million euros
  • Privacy and Accountability: Those responsible for controlling data must show their compliance by holding documentation and conducting data protection assessments for high-risk processing solutions
  • Data processing: Processing records must be recorded on paper, and a trained protection officer must watch over operations where possible
  • BCR: The GDPR follows a gold standard BCR for processors and controllers who need to authenticate intra-group international data solutions. BCRs must be addressed by all employees participating in intra-group procedures

Getting Ready for the Deadline

Now that time is running out, it’s important to look at your business and make sure that you take steps to get ready for the deadline. With the coming GDPR in mind, remember to:

  • Plan for security breaches with a clear framework of key policies
  • Establish an accountability framework so that staff is constantly monitoring data and reviewing high-risk issues
  • Get a competitive advantage by making sure that privacy is embedded into your processing systems
  • Analyse personal data use, and make sure that your current documents and processes are well-informed and clear
  • Check policies and privacy notes and ensure that they’re in a clear, accessible format
  • Know your obligations and put your customers’ minds at rest by implementing modern regulations

Remember, the GDPR comes into force on the 25th May 2018. Don’t get caught out: start your preparations as soon as possible.

UC & Contact Centre Vendors

We’ve spoken to a number of unified communications and contact centre vendors recently and many do not have a firm position on whether their products are (or will be) GDPR compliant. If you’re a reseller or channel partner we recommend starting some early discussions with your suppliers to ensure you can answer the questions you’re going to receive from existing and prospective customers.

UCToday.com will be reporting regularly on GDPR across the next few months. If you have an opinion or would like to comment as things unfold, contact us or comment below.

3 Comments
Did the FCA Get it Right with its U-turn on MiFID II Call Recording Rules? - CommsTrader 08:06, 26 Jun 2017

[…] of EU legislation, the GDPR, will also come into force. Replacing the Data Protection Act (DPA), the GDPR will impose much tougher rules on the protection of sensitive data captured by any means or […]

Did the FCA Get it Right with its U-turn on MiFID II Call Reporting Rules? - CommsTrader 05:06, 26 Jun 2017

[…] of EU legislation, the GDPR, will also come into force. Replacing the Data Protection Act (DPA), the GDPR will impose much tougher rules on the protection of sensitive data captured by any means or […]

Call Recording and the GDPR: Preparing for the New Data Laws - CommsTrader 09:06, 21 Jun 2017

[…] Carrying out a thorough audit of call recording practices, from the notifications given to how recordings are stored, is the first step to take. This should be done in the context of a wider evaluation of data protection, taking into account factors like how data breaches are identified, impact assessments and training and awareness within the business. From there, policies and protocols can begin to be drawn up, giving you plenty of time to make sure you hit the ground running come May 2018. […]
