The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018. This means you have less than 500 days to get on top of it. Failure to adhere to these new rules will result in regulatory fines of up to €10M, or 2% of your global annual turnover.
The GDPR is a significant new set of laws and compliance measures that will affect the operations of any organisation that holds EU citizen data – including contact centres across EMEA and beyond.
Under the GDPR, individuals will have the right to access, change and remove any of their personal data. This means that contact centres must ensure that the information they house is not only properly stored, but also made available to legitimate customers.
It sounds like a straightforward requirement. However, because contact centres are often the target of data breaches, it’s fraught with risk.
The average contact centre is home to huge volumes of valuable data. Yet it will often lack the same protections that are afforded to physical offices and digital networks. Subsequently, we’ve found that 61 per cent of fraud originates in the telephony channel before spreading to digital channels like email and web. What’s more, contact centres are also vulnerable to social engineering from fraudsters, especially when agents are trained to prioritise high-quality customer service above causing conflict.
In a GDPR world, data protection will have to be incorporated into the core of all business procedures, products and services, and all employees will have to be aware of their obligation to protect consumer data. Taking steps to prevent data breaches protects customer data and keeps brand reputation unaffected.
Obviously, for any new EU regulation, there is the question of how Brexit will affect it. In the case of the GDPR, it’s widely accepted that UK law will mirror that of the rest of the EU, especially while discussions about what a post-Brexit regulatory environment will entail are still ongoing.
For contact centres that solely operate in the UK, or whose customer base is wholly British, that means there’s no free pass on GDPR compliance. And all companies that fail to comply will face written warnings that can escalate to hard and expensive penalties.
Capitalising on the GDPR
Contact centres ultimately have two choices: either comply with GDPR and retain their customer base, or disregard the new rules and stop serving the EU market. For large organisations, and small businesses that hope to grow, the latter is simply not feasible.
Yet GDPR compliance should not be seen as an inconvenience. Rather, it should be a way for companies to introduce a robust data protection strategy, and to realise the benefits of being a voice-protected company in the digital era.
We’re already seeing technologies such as Amazon’s Alexa, Apple’s Siri and Microsoft’s Cortana working with everything from phones and tablets to cars and refrigerators. And future-gazing experts expect voice assistants will play an integral role in how we connect with Internet of Things (IoT) devices in years to come. So, for businesses, protecting sensitive voice data today means being able to broaden the number of solutions it’s possible to take advantage of tomorrow.
Our advice is simple: don’t wait until it’s too late. Look at phone network protection now, and what adaptive, layered security measures can be put in place to protect sensitive data going forward.
Read our whitepaper, GDPR Impact on Contact Centres, to learn more.