It’s been eight months since Europe’s General Data Protection Regulation (GDPR) was introduced. But have you noticed much difference since May?
You could be forgiven for thinking the whole furore was a storm in a teacup. And, of course, there have been rules around the capture and processing of personal information since the introduction of the Data Protection Act 1998.
The new GDPR affects all companies, especially those that hold and process large amounts of consumer data such as technology firms and marketers. It is designed to strengthen the rules around the storage and use of personal data, handing more power and protection to consumers.
The most obvious change stemming from GDPR is the requirement to accept new or changed privacy policies every time you go online. Yet many people are still receiving unsolicited emails. And from companies and organisations to which they had unsubscribed.
It is also a timely reminder to consumer-facing businesses of the technology available to help ensure they are compliant with all regulations surrounding interaction with customers and the taking of their personal details.
NGC Networks works with Liquid Voice, a software house which specialises in call recording solutions for companies operating contact centres. The solutions enable businesses to manage call flow and capture conversations between staff and customers.
This ‘data’ capture allows businesses to analyse call volumes and staff performance and thereby identify any training needs to improve its customer service function.
Many companies with contact centres are also processing card payments over the telephone and online. The Payment Card Industry Data Security Standard (PCI DSS) is designed to help businesses process card payments securely and reduce card fraud.
It does this through tight controls regarding the storage, transmission and processing of cardholder data.
Secure payments solutions provided by the NGC Networks-Liquid Voice partnership enable companies to comply with Financial Conduct Authority (FCA) and Payment Card Industry (PCI) standards.
In light of GDPR, Liquid Voice has developed new solutions to support organisations which store large amounts of data, much of it as archives on ageing and disparate systems.
Organisations need to decide whether this old data still needs to be stored and if so, what infrastructure changes might be needed to continue with its storage.
Some older storage solutions are no longer supported by software vendors and their resellers but new solutions can be implemented to provide better security and improved access to stored recordings and the assessment of those solutions and their suitability is key.
Organisations, small or large, are obliged to respond to ‘access requests’ from customers about any personal data and recordings being held.
They are duty bound to try to find the data but they face a major challenge if the data is historical and search tools are limited.
An ‘automated speech transcription’ solution developed by Liquid Voice allows retrospective searching of data using names, addresses and postcodes which can then be viewed as text summaries. This eliminates the need for personnel to listen to entire recordings and, at a person’s request, these transcripts can be easily deleted.
Until now organisations could assume that a person has given consent for their conversation to be recorded. Mechanisms can now be put in place to deal with consent, subject access requests and rights to be forgotten, helping to ensure organisations are GDPR compliant according to the scope of their requirements and budget.
Organisations with a business to business focus rather than a consumer audience are also getting to grips with GDPR and its challenges. Questions have been raised about the use of marketing lists to build contacts and attract new customers.
GDPR requires marketing lists to be opt-in however under the new rules many companies are using ‘legitimate business interest’ as a reason to contact prospective customers without gaining prior consent. This contact is made on the basis that they have a business interest in contacting the prospective organisation.
Many organisations have also updated their privacy policies to make it clear how the personal data they collect is used and stored securely.
The introduction of GDPR came with the warning of substantial fines of €20m or 4% of a company’s turnover if that is higher. Any first breaches of GDPR will make for interesting reading for those who have chosen to see it as an unwelcome distraction rather than a necessary evil.