The General Data Protection Regulation (GDPR) is a legal framework for the handling of personal data of individuals based in the European Union (EU), regardless of where their data ends up being held or used. As consumers, we are living in a highly connected world where we are constantly adopting new digital behaviors. With these new behaviors, organizations have to adhere to consumers’ expectations for real-time personal engagement, while still being sensitive to their concerns over privacy. The GDPR not only aims to give individuals control over their personal data, but also to simplify the regulatory environment for international business by unifying regulation. With new standards around the legal obligations regarding the use of personal data, a response is required from organizations of all sizes, inside and outside of the European Union.
- Why is the regulation in place? The GDPR legal framework reflects the urgency required to confront the privacy issue that currently threatens to undermine the digital economy. More than 4.8 billion data records have been exposed since 2013, with identity theft being the leading type of data breach, accounting for 64% of all data breaches. The mismanagement of customer data matters to both the individual and the organization. While individuals suffer from the compromised protection of their personal data, organizations suffer from damaged brand reputation.
- Which individuals are protected? The GDPR protection of an individual’s personal data is triggered by that individual’s physical location in the EU, not nationality. Individuals also remain protected by the GDPR if they temporarily or permanently leave the EU territory, provided their data is still physically held within the EU. Visitors to the EU are also protected because they become EU customers during their stay. Additionally, GDPR protection applies to personal data even if it is being stored and processed outside of the EU. This will require organizations to unpick the personal data of EU citizens and residents, which is often scattered among the rest of a business’s corporate data.
- What changes are organizations facing internally? The GDPR demands a certain level of ongoing data management competency that affects the entire organization, including the call center. This requires creating an accountability and governance strategy for protecting the privacy and personal data of customers. Additionally, organizations must provide consumers with information and transparency around the use of personal data, as well as give them the right to access and change that personal data.
- How does the GDPR affect the call center? When it comes to information security, call centers are a vulnerable touchpoint where customers engage directly with their most sensitive information. Today’s fraudsters are equipped with highly sophisticated technology that allows them to easily bypass security measures put in place by both call center agents and self-service IVR technology. Call centers need to use technology to move to the forefront in terms of responsiveness to the threat of fraud in order to avoid the consequences that come from failing to comply with the GDPR.