The need to comply with an ever-evolving set of data privacy regulations may seem onerous or cause companies to freeze in place, not knowing what steps to take next. Without understanding the overall impact of these regulations on day-to-day operations, companies may not see the opportunities they present to improve internal practices and to separate themselves from competitors in the marketplace. Consumers have seen breach after breach reported in the news and have effectively become desensitized, given the seemingly regular stream of announcements and how little recourse they have, both in real time and in the long term. By becoming compliant with regulations like GDPR or the upcoming California Consumer Privacy Act (CCPA), companies can go public with a proactive message that security and compliance are important to them, and that earning their customers’ trust as a result is just as important.
This is a seismic shift where companies can and should say, “We are pro-consumer and pro-privacy and with that comes a responsibility to take great care of the private, personal data you’ve entrusted to us as customers.” Following the tenets of the CCPA, customers want to be able to know what data about them is being collected, to say no to the sale of that personal data and to access it at any time. Being able to provide that information to consumers more easily and proactively is achievable through a digital transformation, away from legacy systems and toward cloud and microservices platforms that easily integrate with one another. On the business side, becoming compliant and strengthening systems to prevent data leaks, reducing employee access to sensitive files and reducing the risk of external attacks are all good for the bottom line.
According to research from RSA, 7 in 10 consumers would boycott a company that repeatedly did not protect their data. And a combined report from CA and Frost & Sullivan (The Global State of Online Digital Trust, 2018) surveyed executives and security professionals, who reported a high correlation across vertical industries between a data breach and negative impact to consumer trust and the bottom line: 86% and 83% for Healthcare and 59% and 47% for Retail/e-commerce. For companies subject to GDPR penalties (ranging from 2-4% of annual global turnover and starting at €10M or €20M respectively, whichever amount is higher), these combined losses can be substantial.
In the first nine months post-GDPR (May 2018-February 2019), fines were generally small compared to what had been anticipated before launch, but self-reporting of breaches was up significantly, per requirements. Just under 60,000,000 Euros in fines were assessed in that period, including a single 50,000,000 Euro fine assessed against Google in January for violations in France, where Google failed to provide enough information to users about its data consent policies and didn’t give them enough control over how their information is used. In the most recent six months, the pace of fines has increased dramatically, with amounts ranging from £183,000,000 (Marriott) to £100,000 (EE Limited), and reporting of breaches has continued to keep pace.
All of this is a lot for any company to navigate on its own, especially in the as-a-Service world where companies often focus as much as possible on their core expertise and rely on trusted partners for theirs. Talkdesk has not only invested heavily in the capabilities of our platform to meet the most stringent IT and compliance requirements, but also continuously invests in the teams and people who ensure our knowledge is current, our certifications are up to date and we’re building toward the future.
You can view the recording of our webinar “The Impact of Data Regulations on Contact Centers,” which goes into even greater detail on GDPR, CCPA, the changing landscape of regulations around the world and how all of these have affected and will continue to affect companies that operate contact centers.