Designed to create a single standard of data protection across all European Union member states, the EU General Data Protection Regulation (GDPR) is one of the broadest international legislative acts on data privacy to date. Whether or not an organisation is based in the European Union, the regulation has far-reaching consequences and requires compliance from any entity that processes the personal data of individuals in the EU.
The GDPR provides broad oversight of the way the personal data of consumers is handled by any company that does business with individuals in the European Union.
The regulation applies in all EU member states from 25 May 2018, the date on which supervisory authorities begin enforcement.
Organisations that do not comply with the standards outlined in the legislation will face significant fines.
In spite of the UK’s decision to leave the EU, the government has confirmed that the UK will be implementing the same standards in order to maintain an uninterrupted flow of data between Great Britain and the continent, and to make as smooth a transition as possible post-Brexit.
While the EU General Data Protection Regulation outlines many practices for the treatment of consumer personal data, there are several major stipulations to which companies must pay particular attention.
Learn more about the main tenets of the EU GDPR and what they mean for your company or organisation.
Breach of compliance can result in fines of up to 4% of global annual turnover or €20m, whichever is greater.
The level of any fine depends on the severity of the breach and on whether the organisation can show that appropriate technical and organisational measures to protect customer data were in place before the incident.
On top of the official fines, an organisation may also have to pay damages to the affected customers in the event of data loss or theft.
Many organisations will need to appoint a Data Protection Officer.
Whoever holds this position is responsible for overseeing data protection and data privacy, and must be free to give recommendations or feedback without fear of negative consequences. The obligation depends on what an organisation processes rather than on its headcount: it applies to public authorities and to organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data. A small or medium-sized enterprise that does neither is not required to appoint one, though it may still choose to.
The EU rules apply to anyone trading in Europe.
Regardless of whether an organisation is headquartered in the EU, it must comply with the regulation if it offers goods or services to individuals in the EU or monitors their behaviour. More generally, the new rules mean tighter controls on the protection of personal data no matter where it is sent, processed or stored.
The rules reach beyond just the one organisation.
Any organisation or individual that processes personal data is held responsible for its protection. This means that any third-party organisation processing customer data on your behalf (a processor, in GDPR terms) is also subject to the GDPR, and your contracts with such providers need to reflect that.
A time limit to report breaches has been set.
A personal data breach must be reported to the appropriate supervisory authority without undue delay and, where feasible, within 72 hours of the organisation becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned. Where the breach is likely to result in a high risk to those individuals, they must be informed as well.
The European Commission defines personal customer data as “any information relating to an individual, whether it relates to his or her private, professional or public life.” Under this definition, personal data can count as any of the following:
Because the GDPR's definition of personal data is so broad, with something as common as a customer's name, telephone number or email address falling under it, most contact centres will find themselves processing at least some personal data, and call recordings are personal data in their own right. If your contact centre deals with individuals in the European Union, your organisation will have to comply fully with the standards outlined in the GDPR.
By requiring contact centres to take the protection of sensitive customer data more seriously, the GDPR pushes organisations to reduce the number of vulnerabilities in one of the most exposed areas of a business, and so to drive down the risk of a data breach.
Semafone provides patented data capture software that prevents sensitive personal data from entering your internal contact centre systems. In the event of a breach of those systems, the data is simply not there to be stolen. Keeping it out of the contact centre reduces the risk of fraud and the associated reputational damage, and it takes agent desktops, call recordings and telephony out of scope for industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
The software uses DTMF masking. Customers enter their sensitive details, whether payment card numbers, bank details or other personal information, on their telephone keypad; the keypad tones are replaced with flat tones before the audio reaches the agent or the call recorder, so the digits cannot be overheard or captured, while the digits themselves are passed directly to the secure capture system. The customer stays in constant contact with the customer service representative throughout the transaction, which improves customer service and satisfaction rates.
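To show what DTMF masking actually does to the audio on a call path, here is an added example in Python; it is illustrative code, not Semafone's implementation. It detects keypad tones on 8 kHz narrowband audio with the Goertzel algorithm, replaces every frame that carries a digit with a flat tone before the audio reaches the agent, and collects the digits on a separate path. The frame length, detection threshold, "twist" ratio and 1 kHz mask tone are assumptions chosen for the example; the call audio is constructed inline from pure tones rather than taken from a real recording.

```python
"""DTMF detection and masking on 8 kHz PCM, illustrating how a contact-centre
call path can strip keypad tones before they reach the agent or call recorder.
Added example; not Semafone's code.  Audio samples are floats in [-1.0, 1.0]."""
import math

SAMPLE_RATE = 8000                    # Hz, narrowband telephony
FRAME = 205                           # samples per analysis frame (~25.6 ms), a common Goertzel block size (assumed)
LOW_FREQS = (697, 770, 852, 941)      # DTMF row tones
HIGH_FREQS = (1209, 1336, 1477, 1633) # DTMF column tones
KEYPAD = ("123A", "456B", "789C", "*0#D")
THRESHOLD = 0.01                      # normalised power (amplitude^2) below which a tone counts as absent (assumed)
TWIST = 8.0                           # strongest tone must exceed the runner-up in its group by this factor (assumed)
MASK_FREQ, MASK_AMP = 1000, 0.1       # flat replacement tone the agent hears instead of the digit (assumed)


def goertzel_power(frame, freq):
    """Normalised power of `freq` in `frame`: ~A^2 for a pure tone of amplitude A."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return power / ((len(frame) / 2.0) ** 2)


def _dominant(frame, freqs):
    """Return the one frequency in `freqs` that clearly dominates the frame, else None."""
    ranked = sorted(((goertzel_power(frame, f), f) for f in freqs), reverse=True)
    (p1, f1), (p2, _) = ranked[0], ranked[1]
    if p1 < THRESHOLD or p1 < TWIST * p2:
        return None
    return f1


def detect_digit(frame):
    """Keypad character carried by `frame`, or None if no valid row/column pair is present."""
    low = _dominant(frame, LOW_FREQS)
    high = _dominant(frame, HIGH_FREQS)
    if low is None or high is None:
        return None
    return KEYPAD[LOW_FREQS.index(low)][HIGH_FREQS.index(high)]


def tone(freqs, amp, n, phase_offset=0):
    """n samples of the sum of sine waves `freqs`, each at amplitude `amp`, phase-continuous
    with a stream that already holds `phase_offset` samples."""
    return [sum(amp * math.sin(2 * math.pi * f * (i + phase_offset) / SAMPLE_RATE) for f in freqs)
            for i in range(n)]


def mask_dtmf_stream(samples):
    """Split `samples` into frames and replace every frame carrying a DTMF digit with the mask tone.
    Returns (agent_audio, captured_digits): the masked audio that may safely reach the agent
    desktop or call recorder, and the digits captured on the secure path (one per key press).
    A trailing partial frame is dropped for simplicity."""
    agent_audio, digits = [], []
    mask = tone([MASK_FREQ], MASK_AMP, FRAME)
    last = None
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        digit = detect_digit(frame)
        if digit is None:
            agent_audio.extend(frame)
        else:
            agent_audio.extend(mask)
            if digit != last:            # a run of identical frames is one key press
                digits.append(digit)
        last = digit
    return agent_audio, "".join(digits)


def build_demo_call():
    """Constructed test audio: speech-like tones, a press of '5', a press of '9', more speech."""
    segments = [
        ((300, 2200), 0.3, 2 * FRAME),   # stand-in for the caller talking
        ((770, 1336), 0.5, 3 * FRAME),   # keypad '5'
        ((852, 1477), 0.5, 2 * FRAME),   # keypad '9'
        ((300, 2200), 0.3, 1 * FRAME),   # caller talking again
    ]
    out = []
    for freqs, amp, n in segments:
        out.extend(tone(freqs, amp, n, phase_offset=len(out)))
    return out


if __name__ == "__main__":
    audio, digits = mask_dtmf_stream(build_demo_call())
    print("digits captured on secure path:", digits)
    print("digits still detectable in agent audio:",
          [detect_digit(audio[i:i + FRAME]) for i in range(0, len(audio), FRAME)])
```

The two outputs are the point: the secure path receives "59", while every frame of the audio handed to the agent decodes to nothing, so a recording of that audio holds no card data. A production implementation would additionally enforce minimum tone duration and inter-digit gaps, and would mask the audio slightly ahead of detection so that the first few milliseconds of a tone never leak into the recording.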