GDPR is Just Around the Corner. Are You Ready?


The Team at CallMiner

March 26, 2018


The European Union’s (EU) new stance on data protection is impacting call centers across the globe. The General Data Protection Regulation, or GDPR, was passed in 2017, with a deadline of May 25, 2018 for businesses to be compliant. The goal of the new law is to increase safety for EU citizens when it comes to sensitive personal information. The requirements of GDPR are leaving many businesses struggling to update their internal procedures for recordkeeping and storing information.

How Does GDPR impact call centers?

Call centers will need to take steps to become and remain compliant with the new regulations and avoid significant fines for failure to do so. The new regulations require call centers that handle EU citizens’ information to:

  1. Allow individuals to request their personal information in a digital format.
  2. Allow individuals to request that their information, including call recordings, be deleted.
  3. Justify call recordings using a list of provided acceptable reasons.
  4. Notify individuals of data breaches within 72 hours.

These regulations are stricter than those set by regulatory authorities in many other parts of the world, although many of the key principles of GDPR are expected to be taken up outside of the EU in the near to mid-term. With just two months left until the May 25th deadline, call centers need to act today to reorganize their data, establish procedures, and guarantee compliance.

What steps can call centers take to get ready for GDPR?

To help navigate the path to compliance, follow the six steps outlined below.

1. Create a dedicated team.

Because implementing and maintaining GDPR compliance isn’t a one-time project, businesses should create a dedicated team of individuals that will oversee the project. This group should consist of members from every department that handle client information for any amount of time. Ultimately, it will impact every department of your company, and together they can make the changes cohesively for your business.

2. Hire a Data Protection Officer

Some businesses are required under GDPR to hire or assign a data protection officer who oversees GDPR implementation and is responsible for keeping client data safe. Whether or not you need to hire one depends on your core business activities. To help you make the decision, take a look at the decision tree released by the EU.

3. Conduct an internal audit.

Review your existing processes and identify how you collect, store, and transmit client information. Then compare them to the regulations defined by GDPR to uncover what you need to change.

4. Make data access simple.

One of the biggest changes is that individuals must be able to access their information and know who you are sharing it with. The EU strongly encourages businesses to create a way for individuals to access their information on their own.

5. Educate employees

Employees need to understand the new regulations, how they impact their daily responsibilities, and what steps they can and cannot follow. It is vital that you educate them on how to handle requests for information, steps to take if a consumer wants their information erased, and how to gain consent for call recordings and sharing data.

6. Implement the right technology

The best decision any business or call center can make is investing in the right technology that improves compliance, makes it easy to access client information, and simplifies tracking of customer conversations.

Advantages of utilizing call center technology

Technology solutions such as a comprehensive conversation analytics program deliver many advantages to call centers needing to comply with new GDPR regulations.

Speech analytics

Speech analytics software allows you to capture every customer conversation and transcribe it into a database where you can analyze the conversations in detail. By establishing keywords that you want to be notified of, such as compliant and noncompliant language or GDPR-related requests from consumers, you will be able to quickly identify which agents are abiding by the set standards, which need more help or guidance, and how you are servicing GDPR requests. You will be able to do this holistically across all interactions and consistently for every interaction, giving you assurance about the scope of your compliance.

Real-time call guidance

Since the GDPR guidelines are strict in nature, call center agents will need ongoing help, including during conversations with clients. Real-time analytics that integrates with speech analytics can notify agents of next steps to take during the call, script reminders, and verification prompts to ask customers for permission to record the phone call.

Automated Scorecards

Not only does analytics software let you see how your performance measures up to the new requirements, but it also shares that data with your agents via automated scorecards. Businesses can customize scorecards to track compliance standards in addition to key performance metrics (KPIs) like first call resolution rates and average handle time. Having this information at their fingertips empowers agents to make necessary changes on the next call they handle.

Payment Card Industry Data Security Standards (PCI DSS) Compliant

GDPR requires that all businesses treat call recordings with the same care and security features as payment information. Choosing an interaction analytics software that is already PCI DSS compliant assures you will also be GDPR compliant with regard to this specific regulation.

Final Thoughts

When it comes to GDPR compliance, investing in the right interaction analytics program is the best decision a business can make to get ready for the May deadline and to help with ongoing compliance. The automated capabilities make it easier to manage, track, and improve customer conversations over time. In considering this approach, you should make sure the analytics provider itself, like CallMiner, has undergone a full appraisal of its own conformance to GDPR by independent assessment. This way you can be confident that both you and your analytics provider are covered for GDPR.
