What the GDPR Means for Your Contact Centre

It is important to realise that if your organisation operates outside of the European Union (EU) and you have just one EU contact within your contact centre database, you need to understand and comply with the looming General Data Protection Regulation (GDPR).

Your time to prepare is running out—the new regulation goes into effect on May 25, 2018. By this time, qualifying organisations must either demonstrate they’re compliant with the GDPR or prove they’re working toward becoming compliant with it.

While the law is not about fines, non-compliance will be painful, with administrative fines of up to up to €20 million or four percent of a company’s annual global turnover—whichever is higher. If you’ve been putting the GDPR on the back burner, it’s now time to face it head-on. Here’s what you need to know and how Calabrio can help.

How the GDPR Impacts Your Contact Centre

The GDPR significantly expands your contact centre’s responsibilities because it significantly expands customers’ rights over their personal data. Here—at a high level—is what it does and the expanded rights it gives your customers around “consent.”

• Right to be informed. The GDPR gives individuals the right to be informed about the collection and use of their personal data.
• Right to restrict processing. The GDPR allows individuals to “block” or suppress the processing of their personal data.
• Right to object. With the GDPR, the individual has the right to object to the processing of their personal data unless you can demonstrate legitimate grounds for processing.
• Rights in relation to automated decision making and profiling. The GDPR provides protection for customers against systems that make decisions solely by automated means without any human involvement and against the automated processing of personal data to evaluate certain things about an individual.
• Right of access. With the GDPR, you need to be able to locate every piece of customer data stored within your workforce optimisation (WFO) system and communicate how it’s used, should a customer request that information.
• Right of rectification. The GDPR empowers customers to request corrections to any of their personal data, so your contact centre agents and other system administrators need easy ways to find, update and document changes to this personal information.
• Right to erasure (the “right to be forgotten”).The GDPR also empowers customers to ask you to delete all data gathered about them—requests with which you need to comply as long as the data is no longer needed to achieve the purpose for which it was originally gathered or your legal basis for gathering it was the individual’s consent.
• Right of data portability. The GDPR enables customers to ask you to hand over all of their personal data in a commonly used format, like CSV or XLS, which they then can reuse for any purpose across different services.

These requirements might seem like heady stuff, but they don’t have to be.

Calabrio Makes GDPR Compliance Easier

Calabrio ONE’s advanced data capture, data viewing, data deletion and data protection capabilities give customers control over their personal data. And, by making it easier for contact centres to log and retain evidence of customer consent, Calabrio helps your contact centre more easily comply with the GDPR.

• Data capture. Calabrio ONE can capture personal, sensitive customer data during the interaction—such as email address, first name or last name and custom metadata options—in text form or from recorded calls, or can sync this data from the automated call dialer (ACD) or other contact centre systems. Calabrio’s data capture capabilities also can track consent and securely store personal data along with vital, unstructured data collected from the ACD or from voice or email interaction.
• Data viewing. Calabrio ONE’s reporting solutions—along with ad-hoc export capabilities—can help you quickly retrieve data in an easily viewable format for customers requesting that information; the system also identifies key system changes or updates.
• Data deletion or anonymisation. Calabrio ONE workflows easily can delete and purge a customer’s data and associated records—including removing all identifiable data¹—if the customer requests that action.
• Data protection. Calabrio ONE leverages a variety of industry standards and best practices to protect our customer data;² of particular note is our end-to-end RSA 2048/AES encryption, which encrypts customer data—including recordings—at the source, in transit and at rest, at no additional cost.

The GDPR deadline will be here in less than 75 days. Make sure your contact centre is ready for it.

¹ Customer must implement appropriate process and procedure for purging data. Data is not redacted; it is purged through workflow rules.

² Customer must implement appropriate processes and procedures in order to be compliant.

Kris McKenzie

Kris McKenzie is responsible for Calabrio’s EMEA operations and go-to-market efforts. He oversees sales, operations, strategic partnerships and customer success. Kris joined Calabrio with more than 20 years’ experience in global enterprise SaaS technology and 14 years of management and sales leadership. Kris brings extensive expertise in helping companies implement solutions to develop a deep understanding of their customers.