In May 2018 the time allowed to implement GDPR compliance runs out, and if you continue to collect and control people’s data in a non-compliant way, you run the risk of large fines and penalties.
GDPR is the General Data Protection Regulation. It applies across the EU and is being introduced into law in the UK in a way that means it is almost certain to continue to apply if and when the Brexit process is completed.
The scope of GDPR is huge – if you store people’s information for reasons other than directly fulfilling a contract, you are likely to be affected – and it puts in place certain rules on how you collect consent and how you delete people’s data if they request that you do so.
A GDPR example
A simple example of when GDPR applies is if you run an ecommerce site, then customers should expect you to use their address to arrange the delivery of goods – so you don’t need special permission to do so under GDPR.
But if you add their details to a direct marketing list, or keep a record of who buys which products to help you decide what to stock in future, then you need to get customers’ consent to use their personal data in this way.
You may be able to avoid this by anonymising the data, but even if you allocate each entry to a unique ID number or use the customer’s IP address instead of their name, this might be traceable enough to be deemed as identifiable data for the purposes of GDPR.
What should I do to comply with GDPR?
You need to take an honest look at the types of data you collect and what you do with that information once you have it – for example if you record calls that contain people’s names, contact details, account numbers or passwords (or similar information) you may need to change how you get their consent.
Unless it is essential for you to fulfil their contract with you – and therefore exempt from GDPR compliance – you will need to get the person’s consent upfront. You should also tell them why you collect their data and how it will be used, and you should make sure you document that the customer agreed to this.
Recording calls using Daviker contact centre solutions is an excellent way to do this for voice consent, and can help to flag up any completed calls where consent may have been missed, so you can ensure all of your call centre agents are up to speed on GDPR compliance.
Pitfalls of GDPR non-compliance
Make sure people can withdraw their consent if they wish. This should be quite easy – and not significantly harder than giving you their consent in the first place – so you may wish to allow it over the phone, or have an online form that call centre agents can easily refer people to.
Unless it is absolutely necessary to collect personal data, you should also offer your services to people even if they do not consent to their data being stored and processed – it should not be a ‘precondition of service’.
With these basics in mind and an understanding of any additional GDPR rules that apply to you, the implementation date in May 2018 should not be a major concern, and your Daviker call centre solutions can help you to keep compliant in the months and years to come.