#2: You have 72 hours to report a data breach
Contact centers hold a wealth of personal information about customers, and data breaches spiked 29% in the first six months of 2017, according to the Identity Theft Resource Center and CyberScout. These breaches have impacted 172 million American and international records, including records from US-based businesses like Equifax, Uber and Yahoo! The GDPR is the EU’s response: it is meant to protect EU citizens and requires companies to report data breaches within 72 hours. This will likely be the first of many laws passed internationally to bolster cyber security.
#3: Fines for noncompliance can ring up to $21.6M (or higher)
The EU is taking privacy and the protection of that information extremely seriously. To incentivize companies to play along, the GDPR imposes harsh penalties on any company that violates the new regulations: up to $21.6M or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
#4: Customers call the shots on which personal data businesses can collect and store
In addition to explicit consent, the GDPR requires all companies to abide by customers’ preferences about what personal data is collected, used and stored. Individuals may at any time request that a company transfer their data to another business or wipe its database clean of their information.
#5: Personal data is defined more broadly than SSNs in the GDPR
When we think of personal data in the contact center space, we normally think of Social Security numbers, health data or credit card information. The GDPR broadens the definition of personal data to anything that “directly or indirectly identifies or makes a data subject identifiable.” Given the nature of contact centers, it’s likely you will need to expand your security to meet requirements by May 2018.
#6: Customer consent comes first (no more “opt out” communications)
As part of the new, stricter consumer consent laws, the GDPR requires companies to use “opt in” communications with customers instead of the typical “opt out” channels like marketing emails or RSS feeds. This means less junk mail for consumers, but it will also force many companies to adapt their communications strategies accordingly.
#7: You have until May 25, 2018 to improve your security
While it’s tempting to capture and use as much data as possible to build a better customer experience with your product or contact center, operating in the grey area may land you in trouble. Here are our parting tips to help you get started:
- If you don’t need it, remove it
- If you don’t need access to it, don’t have it
- Know where personal data is
- Know what is done to personal data and by whom
- Protect, protect, protect and have a plan for when protection fails
- Don’t work toward compliance, work toward being as secure as possible (but use compliance as a guide to help you get there)
Editor’s note: The information contained in this document does not constitute legal advice. Reference the EU GDPR website for official information regarding the new regulations.