Is Your Contact Center Prepared for General Data Protection Regulation (GDPR)?

In May of 2018, the European Union will officially adopt the General Data Protection Regulation (GDPR), new legislation created to provide consumers with enhanced safeguarding of their personal data.

There has been a greater volume of media coverage about the new regulations in Europe, but GDPR also affects American companies; Contact centers deal with personal data and many of them serve global markets, including Europe. Personal data is used to identify and assist customers, and businesses handling this type of information should pay attention to the new law as well.

Here’s what you need to know:

  • GDPR will be effective on May 25, 2018, and applies to all organizations handling personal data in the 28 countries of the European Union.
  • Any information relating to “an identified or identifiable natural person” is considered personal data. This includes not just names but online identifiers and data that track a person’s location.
  • Customers now have the right to have their data erased or transferred from one data controller to another.
  • Contact center agents have access to customer personal data to be able to assist them and they need to be compliant to the new regulation.
  • Compliance with GDPR is mandatory; failure to comply is punishable by fines as high as 20 million EUR or 4% of a company’s annual revenue.

Concerns about being compliant? Here’s how to get started:

  • Perform a complete data inventory to identify the information currently being collected and used.
  • Monitor and adopt officially approved/sanctioned best practices to enjoy any safe harbors regulators afford.
  • Consider, where applicable, creating a limited-liability establishment in the EU jurisdiction that offers regulatory oversight.