The European Union (EU) passed a new version of the General Data Protection Regulation (GDPR) to be implemented in 2017 and enforced by 2018. The regulation changes the communications game for every business, from the smallest to the largest. It also has significant implications for companies that operate or use call centers, with non-compliance proving fatal: IBM reports fines could be as much as 20 million euros, or a little over $21 million.
If your business uses cloud-based call center software or works with a call center for customer service activities, here are 10 things you need to know about the GDPR.
1. EU Everywhere
The GDPR will have global ramifications. It calls for compliance not only from businesses and organizations operating in the EU but also from those that process the personal data of EU residents, regardless of where those businesses are based.
2. Increased Oversight
If you thought staying compliant with the FTC and the FCC was hard, the GDPR may make them seem like cakewalks. The EU’s directive increases regulators’ powers and capabilities to enforce GDPR compliance. If your business touches the EU in any way, you should prepare for increased scrutiny and oversight.
3. Broader Personal Data Definitions
In the U.S., personally identifying data tends to be limited to Social Security numbers, credit card numbers, or health data. The EU’s GDPR takes a much broader stance on the subject, saying that personal data includes anything that “directly or indirectly identifies or makes a data subject identifiable.” On a positive note, you’ll get more data. You just gain more responsibility to protect it, too.
4. Simplified Standards and Regulations
The GDPR may entail a broader definition for personal data, but it aims to standardize regulations and governing bodies. That’s a good thing. While it’ll be rough going at first, streamlining standards and authorities should make it easier to stay in compliance.
5. Consumer Consent First
The GDPR features strict and specific rules about consumer consent prior to processing any identifying data. For example, the directive requires companies to use “opt in” for all communications rather than “opt out.” The change will require many companies to evolve their communication practices—across all channels.
6. Empowered Consumers
With the GDPR in effect, consumers will call the shots—even more than they already do. They will decide how much and which data you get to keep. They also will control how you use their information.
7. Parental Controls
The GDPR requires parental consent when processing data for children under the age of 16. The restriction might not make much of a difference to your company, but it could be hugely impactful to those involved with international adoptions or humanitarian aid.
8. Data Protection Officers
The GDPR also implements a new organizational role: the data protection officer (DPO). The position will likely oversee data privacy, security, and compliance. As such, the role could be a good investment despite the international pressure backing it.
9. Data Breach Notifications
In the U.S., several laws, national and statewide, govern data breach notifications. The GDPR could trump all of them, requiring that notification be made within 72 hours. The GDPR includes a couple of exceptions to the rule: notification isn’t required when the data breach isn’t likely to harm the consumers in question, and it can be delayed due to “exceptional circumstances.” The latter feels like submitting a doctor’s note to your teacher; the GDPR says businesses with “exceptional circumstances” will have to justify them. Conferring with legal could be critical on this and other changes.
10. Privacy by Design
The GDPR calls for “privacy by design,” that is, privacy integrated into every facet of products and services. The regulation also demands that companies only collect necessary data. Both statements bear an uncanny resemblance to those made by FTC Chairwoman Edith Ramirez last year.
Compliance is a growing and critical issue among call centers, businesses, and organizations. If you’re wondering where to begin your mastery of it, start with our infographic. It outlines some of the costs and repercussions of non-compliance, as well as the regulations you need to know to stay in compliance in 2017.