Most of our contact centre customers initially met the GDPR with as much trepidation as anyone else. After working with our customers, I have found that those who embrace the new regulation and use it as an opportunity to transform their compliance processes have a lot to gain. By taking a holistic approach to securing and maintaining the integrity of their systems, contact centres establish the basis for receiving a range of benefits that GDPR compliance offers.
Getting your compliance ducks in a row ahead of the deadline could hold great potential for a more efficient use of resources and more effective insight generation from information collected in the contact centre, future-proofing your organisation. Here are some of the activities that I recommend to our customers in preparation for the GDPR:
Make the most of Customer Engagement
The new regulation encourages a greater level of customer trust. For example, The GDPR requires customers to give explicit consent before organisations can use their data. The new regulation also encourages trust in more indirect ways – for example, with the new complications around using third-party solutions. As a result, organisations are likely to reduce their reliance on third-party solutions, bringing data control in-house, in a more tightly regulated environment. This knowledge that customers have given their explicit consent to use their data, gives confidence to organisations. It shows that the customer has taken a first positive step in engagement. Once you have the customer at your fingertips, this can be leveraged to nurture a more trusting relationship.
[clickToTweet tweet=”The GDPR requires customers to give explicit consent before organisations can use their data. #GDPR #Customers #Data #Security” quote=”The GDPR requires customers to give explicit consent before organisations can use their data.”]
Another area of the GDPR compliance which brings opportunity for touchpoint with the customer is the ambitious Article 20, the Right to data portability. This is the right for an individual to require an organisation to provide them with a copy of personal data that they have previously provided – where technically possible this should be sent directly to another organisation, presumably a competitor. This right also encourages organisations to be able to receive data in standard formats from other organisations. Here again, you can promote customer trust and impress your customer by being efficient and promoting extra services, such as higher level data security. This article gives you a month to provide the data, if you can provide it immediately, you will readily demonstrate efficiency and a positive customer experience.
Furthermore, if you aren’t afraid to maintain a user-friendly interface where customers can receive their data (as per the Right of Access, or the Right to data portability). The transparency and control you allow your customers may give you the edge over your competitors when it comes to being an organisation they want to transfer data to.
Commit your organisation to ‘privacy by design’
The old “tick the box” compliance model that used to be the norm in many contact centres will no longer suffice. The GDPR encourages a ‘privacy by design’ approach, which means privacy is integrated into every part of an organisation’s products and services. Also, the GDPR requires organisations to only collect necessary data. To do this, organisations must, first of all, understand exactly what personal data they need, where they’ll be storing it and where it will be coming from. Organisations must analyse their databases and speak to teams across the business, from agents through to managers and CIOs, to understand the amount of personal data being stored and used within their organisation. You may be relieved to get rid of some of it and create new policies regarding which data to store in the future.
Acquire a Data Santa Claus
Introduced in Article 37 of the regulation, all public authorities, or organisations that engage in large-scale systematic monitoring or processing of personal data, should have a Data Protection Officer who has “expert knowledge of data protection law and practices”. This data Santa Claus will inform and advise, and monitor compliance. This additional expertise will guide you through the labyrinth of data protection, monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits. Each organisation can leverage this knowledge and capability to protect and future-proof their business.
GDPR compliance is not all bad
A lot has been said about the challenges of achieving GDPR compliance, but with these challenges also come some great opportunities. The GDPR will undoubtedly promote market competition as it requires more transparency from organisations, allowing consumers more informed choices. Those who take compliance under their wing are sure to stay ahead.