GDPR Compliance in the Contact Center
GDPR affects several critical areas of business. This article focuses on how the GDPR affects the way a contact center records calls, stores customer data, and uses that data to improve the customer experience while remaining GDPR compliant.
Any business that collects data from people who live in the European Economic Area (EEA) and United Kingdom (UK) needs to comply with the General Data Protection Regulation (GDPR).
The regulation went into effect on May 25, 2018 and is among the strictest privacy laws in the world. Organizations that don’t comply with the GDPR can be fined up to four percent of turnover, or up to €20 million.
The Impact of GDPR on Contact Centers
Contact centers traditionally use customer data to improve their service and deliver better outcomes to customers. Even so, they need to comply with the GDPR, which mandates that every consumer has the right to know what information is being collected by companies and how that information will be used.
Additionally, consumers may have the right to ask companies to stop collecting data and delete all company records about them.
Many companies use outsourced contact centers. In these cases, the main client company (that is, the company that outsources the work) is responsible for ensuring that all customer data available to the third-party company is protected.
To comply, contact centers will need to update their processes for collecting and storing data. They will also need a process that allows customers to access their private data and for that data to be securely deleted if requested.
How to Securely Manage Customers’ Personal Data in a CCaaS System
All personal data that can be used to identify a person is covered under the GDPR. This includes a person’s name, home address, birth date, social security number, and phone number. Additionally, all web-based data is protected, such as a person’s IP address, cookies, and location.
Call centers are already used to asking for permission before recording calls. Now, they will need to justify recording them. Under the GDPR, there are six justifiable reasons for recording calls:
- Callers have given consent to call recording
- Call recording is mandatory to fulfill a contract
- Call recording is required to fulfill a legal obligation
- Call recording will preserve the interests of one or more call participants
- Call recording is in the public interest
- Call recording is in the legitimate interests of the recorder UNLESS the interests of the call participants override the recorder’s interests.
Ensure GDPR Compliance in Your Call Center
Follow these steps to ensure your call center is complying with GDPR.
- Justify recording calls using the above list
- Record caller consent
- Allow callers to opt out of being recorded
- Create a data retention policy for all audio recordings, including a default period of storage
- Create a GDPR addendum for legal agreements
- Encrypt all call recordings
- Enable call recording deletion
- Create a process to notify customers within 72 hours of a data breach
Because contact centers collect so much data, they need to be particularly attentive to GDPR. Is your contact center GDPR compliant?
If not, we can help! Contact us today to learn more.