May 25, 2018, is fast approaching, or otherwise “looming”, as businesses hurry to prepare themselves for GDPR’s implementation date. The GDPR (General Data Protection Regulation) is a piece of EU legislation designed to strengthen and unify data protection laws for all individuals within the European Union.

This regulation will apply to any organization that processes personal data of individuals in the European Union, whether or not the company is itself based in the EU. It becomes effective and enforceable next month!

Impact on the Contact Center

The GDPR will primarily affect the everyday operations of any department within your organization that acts as a data controller. The regulation regards data controllers as entities that collect data directly from data subjects.

Contact centers are without a doubt data controllers, so long as they interact with and collect personal information from customers in order to do their job. This means they must be mindful of the following responsibilities:

  • Satisfying their own data controller responsibilities as laid out by the regulation
  • Ensuring their data processors satisfy their responsibilities

GDPR FAQs Answered

Sparkcentral recently sat down with information security expert Barak Engel for a live webinar that dove into more specifics around the GDPR and its impact on the contact center. You can watch the 30-minute recorded version here. Our live attendees had some very relevant questions for Barak that we feel many others would be curious about as well. Below I have highlighted five of these questions and summarized Barak’s answers.

Q. Will GDPR standards vary from domain to domain, or are they the same across domains? E.g. Healthcare, insurance, retail, manufacturing domains will all have the same GDPR standards.

Answer: Yes, the “G” in GDPR stands for general. It applies to any industry. There are some specific rules in Germany for telecoms which go above and beyond GDPR compliance and have a component of data sovereignty, but that’s an add-on. The GDPR itself applies to any industry.

Q. How will the GDPR affect data center storage and data sovereignty?

Answer: There is no data sovereignty component to GDPR itself, which means that this whole idea that data has to stay in the EU in order for the company that's managing it to stay compliant is just not true. In fact, the privacy commission, in the rules themselves, talks about cross-border transactions and the notion of moving data from within the EU to outside the EU, all within the context of GDPR.

Q. What if the contact center is a 3rd party? Are they still a data controller and not a data processor?

Answer: A 3rd party typically would be a processor. In order to be a controller you have to have the direct interaction with the customer; that’s the defining differentiator. It’s important to note that you can be a data controller in one context and a data processor in another. In many cases, an entity will act as both, but you draw a very narrow line between those roles. If you are interacting directly with data subject to a particular function then you are a controller.

Q. Can you compare the GDPR to any pieces of legislation from other countries?

Answer: The GDPR has done something quite brilliant here because it is a massive economic matter that has many people living inside of it. What is unique about the EU and how they structured the GDPR is that they kept both sides in mind; it really is attempting to be a fair standard. They want to support business moving forward, but they just want to have a standard way of doing so to ensure everyone is on the same page. In that respect, there really isn’t anything quite like it anywhere in the world.

Q. Is it necessary to regain customers’ consent for existing lists?

Answer: This is one of those issues that is not fully resolved within the regulation. There isn’t a clear-cut answer to this one, unfortunately; there are a lot of questions about how to handle things from the past. With that said, the intention is to have organizations apply these standards retroactively if a customer were to request you forget their information. It’s all about fairness here.

To receive more expert advice from Barak Engel on GDPR compliance, watch this on-demand webinar.
