When the GDPR comes into effect on the 25th of May, data will no longer be an asset that companies simply harvest from customers and end users. It will become an asset for the end user as well. Among many other things, the new regulation will give customers and end users more control over access to their data than ever before.
The new regulation also formalises the concept of the data subject (the customer/end user). And with this will come the right to access, to be forgotten, to data portability, to privacy by design and the obligation to notify breaches. The exact implications of these new rights are still to be clarified but what is clear is that the GDPR will give customers and end users more power to control how their data is used and what it is used for. For many organisations, this is uncharted territory. And with the huge fines for non-compliance, there is no room for error.
Navigating a complicated landscape
The GDPR poses many challenges, especially for businesses like contact centres where the main business processes include gathering and processing data. And when you consider the right to be forgotten that comes with the GDPR, you can understand why the new regulation poses a significant problem in relation to how many contact centres are set up. For example, the multiple data recording and CRM systems that operate simultaneously in contact centres don’t quite line up with the concept of “forgetting” that comes with the right to be forgotten.
The right to be forgotten is not just a technical challenge. This new right clashes with the contact centres’ various evidence-keeping requirements. Organisations may ask themselves what to do if the same information must be both deleted and kept as evidence. This creates a twofold problem: organisations must record or delete the right amount of information on interactions to maintain the delicate balance and ensure compliance.
A new relationship between centres and customers
Since the new regulation gives customers and end users more control over their data as well as more visibility into how it’s gathered, stored and processed, they can ask an organisation to hand over any data it holds concerning them or to delete it. The regulation will also impose “privacy by design” and mandatory breach notification within 72 hours of the breach.
This increased transparency will transform the customer journey and also affect customer expectations when interacting with organisations. For instance, all end users will have to provide consent to be recorded. And although the regulation is not entirely clear on whether this must be explicit or implicit, failure to comply would still be considered a breach.
Heavily sanctioned breaches
The fines imposed if contact centres fail to comply with the regulation are heavy ones. There are two tiers of administrative fines. They can reach €20 million or 4 per cent of the annual global turnover – whichever is higher. Add to that the loss of brand reputation. The fines will be administrative, which means they will be discretionary rather than mandatory. They will also be imposed on a case-by-case basis. The GDPR aims to have effective, proportionate and dissuasive fines.
In addition to the fines, the GDPR gives individuals the right to individual compensation when material and/or non-material damage occurs after an infringement of the GDPR. In other situations, actions on behalf of individuals can be brought by not-for-profit bodies. In case of large-scale infringement, firms will face mass claims which could have a big impact. Such potential fines will empower the customer when interacting with a contact centre. The customer will be king, or at least closer to being one.
The GDPR and customer trust
The new requirements imposed by the GDPR will foster trust between customers and organisations. The idea that a customer has actually given consent to the use of his data is an empowering one. Such good dispositions will enable trust to further their relationship with customers and enter into a more.
With the ‘right to data portability’, organisations now have a way of showcasing their transparency and honesty. This right requires firms to provide to an end user any information he would have previously provided. Doing so rapidly will foster a positive customer experience by demonstrating efficiency.
The GDPR and ‘privacy by design’
Another novelty the GDPR brings is ‘privacy by design’. From the GDPR on, random compliance checks will no longer be enough. Organisations will be expected to ensure that privacy is an integrated component of every facet of their products and services. This right also imposes data minimisation. Firms may only collect necessary data.
Firms will have to go through a process of evaluation and understand the personal data they are storing. They will also have to know where it is coming from. Their action will be twofold. They will have to comprehensively analyse their databases as well as start a cross-section dialogue between teams within the organisation. The GDPR would give organisations an overall picture of the quantity of data currently stored and used by the organisation. This will allow you to get rid of the data you don’t need and it will make it easier to create new policies regarding which data to store in the future.
The mere idea of GDPR brings anxiety and trepidation to many. This shouldn’t be the case. In my opinion, judging from my experience, the GDPR could be an opportunity to redefine how value is derived from interactions with end users. By fostering the right processes, GDPR could, in fact, turn out to be an opportunity to enhance the customer journey. This would, in turn, enable the relationship between end users and the organisations to reach new levels of satisfaction.
Dana Averbouch, Head of Marketing, EMEA, NICE