Media coverage of the new General
Data Protection Regulation (GDPR) requirements has been hard to miss. While
the story has generally focused on the potential financial loss from not complying
with these regulations, there’s much more to it than that.
The following tips will help you understand and prepare for GDPR,
and communicate your data use and storage policies both internally and
1. The overall goal of GDPR is to protect your customers
At the moment, contact
centres focus on keeping customers’ sensitive card data safe, making sure none
of their card information is stored, transmitted or processed in an insecure
manner. The new GDPR requirements oblige companies to expand that thinking to
all personal data, often referred to as Personally Identifiable Information
(PII). This includes names, email addresses, account balances and passwords – almost
anything that is specific to an individual.
2. Find out where PII enters your organisation
Finding out where the
personal data comes from makes it much easier to move it to a more secure
place. The best way to do this is to produce a data map. Speak to your teams
directly and find out who are the key users of reporting tools, databases and
management information. Take a deep dive into one of their typical customer
interactions and you may be surprised to discover how much personal and
sensitive data is being used throughout your organisation.
3. De-scope, shift and segment the data you capture
Does each piece of data you
collect add genuine value to your company? If not, don’t collect it. Do all
teams need access to the data you need to collect? De-scope or shift the data
where possible. Could you put ‘data filters’ in place to restrict the movement of
sensitive data? Could you use different storage that isn’t cloud-based? Could
you replace data with pseudonyms? These are areas to explore.
4. Rehearse what to do in the event of a breach
If you don’t have an
existing data breach plan, there has never been a better time to create one.
This kind of plan should include crisis communications, customer/stakeholder
notification, regulatory disclosure, forensic investigation and containing further
potential breaches. It’s also important to rehearse and practise a breach at
least once a year, not only to ensure that your senior team knows what to do,
but also so that you can see what goes well and what you need to improve on.