Supplier Zone
How GDPR will affect the BPO industry
GDPR impact on the BPO industry

GDPR comes into effect on 25th May 2018, with the goal of reshaping the way companies approach data privacy and giving greater control to individuals. Most people would agree that cracking down on companies that spam and mistreat people’s personal data is only a good thing, and it is...however the new regulations also dramatically affect the way all businesses control and process data with current and potential customers. This puts BPOs (business process outsourcing companies) in the spotlight. 

The data protection directive was very simple when it came to communicating with people – companies offer people the opportunity to opt out of communications and then make sure they adhere to it. Now, however, companies will need ‘consent’ or ‘legitimate interest’ in order to make contact. Marketing professionals are most worried about the size of their databases, which might drop off the cliff if you’d need to ask every prospect for consent to sell to them! Can a sales professional still email or call a lead to introduce their company? Confusion reigns, and in the UK alone, there are hundreds of conferences, webinars and guides all helping to answer everyone’s questions and concerns.

As a matching service dedicated to the world of everything ‘customer’, AboutMatch surveyed BPOs to find out how GDPR will affect companies that manage customer contact on behalf of their clients. It’s a touchy subject because GDPR raises the question of whose responsibility it is to adhere to the regulations. GDPR will have an unquestionable impact on the BPO landscape. Under the Data Protection Act, most of the responsibility for data lay with the data controller (the client) and not with the data processor (the BPO), giving BPOs a degree of protection. With the changes, BPOs now need to comply and accept responsibility for the data, ensuring it’s treated correctly, or potentially face massive fines. BPOs are now being asked to take control of a process that previously was controlled predominantly by the client. The implication is that BPOs and their clients will need to work together more closely than ever to take shared responsibility for any data that is being used, ensuring that consent has been obtained.

BPOs surveyed are focusing on the 12 steps to GDPR compliance as set out by the ICO. The appointment and training of Data Protection Officers is being driven by a need to comply with the legislation.

A question commonly asked is whether companies that offshore their contact centre operations will be affected by GDPR. The short answer is yes, but it’s complex – consider the storage of data with cloud providers, and that data stored outside the EU will be subject to the laws of the country it’s stored in, with some cloud providers not even knowing where all their client’s data is stored. Also once GDPR comes into force, it will be very difficult for companies to transfer data outside of the EU, without consent of the data subject first. Detailed auditing and close partnerships are again going to be crucial for compliance.


Another challenge of GDPR is time and cost, and this will vary considerably by company. In order to be compliant, resource needs to be allocated, data and processes mapped and training provided. Professionals are also spending a lot of time trying to self-educate.

But it’s not all doom and gloom - there are some opportunities in the BPO world. Firstly, as ICO suggests, gaining consent to use a data subject’s details could be a quite a lengthy administrative task, which is actually an ideal project for a BPO. It might only be a short-term project, however industry spikes are something that BPOs thrive on. If you’re trying to find a contact centre outsourcing company to help gain consent from your data subjects, AboutMatch can recommend an expert in this area.

Legislation is playing catch-up to the internet and its capabilities, with GDPR ultimately being a step in the direction of giving individuals newfound rights with their data. It will create a whole new way of thinking for companies as to how they use this data.

One of the most common views is that GDPR will help make our use of data much more personalised. The number of people companies will contact, sell to, direct market to, will decrease dramatically, however the people they do reach, in theory will be more engaged as they have actively given consent to be contacted, or at the very least be deemed as having legitimate interest. This is a positive step for companies with a customer first agenda, as these practices lead to increased engagement and conversions for the client and improved experiences for their customers, thus strengthening the relationship between customer and brand.

Connect with a GDPR consultant for your business

Connect with a GDPR compliant BPO

©2024 AboutMatch    |    site map Powered by Go-Net