The European Union’s (EU) new data security and privacy directive seeks to improve how businesses, including call centers, handle vital and personal data of the trade bloc’s constituents. This presents implications on how contact centers should process an EU citizen’s personal information.

In early 2016, the EU signed into law its new data protection policy, the General Data Protection Regulation (GDPR). The 28-nation political and economic entity gave companies around the world a two-year grace period to adhere to the standards of the said legislation when handling the personal information of EU citizens. As the May 25 deadline looms near, it’s important to know how this can affect your call center should you handle EU customer data.
With privacy in mind from the very beginning, the GDPR replaces the bloc’s rather outdated Data Protection Directive. It aims to enhance the data protection an EU citizen receives by giving them more control over their personal data. Some of the notable rights the GDPR protects are the following:

•     Right to access- EU citizens should be able to access the personal and supplementary information they need without red tape;
•     Right to access- EU citizens should be able to access the personal and supplementary information they need without red tape;
•     Right to erasure- The right to be “forgotten,” allowing users to request for their personal data to be purged;
•     Right to data portability- Lets users easily transfer their personal data from one platform to another;
•     Right to be informed- Gives users transparency on how their data is used; and
•     Right to object- Right to compel businesses to not use or process their personal data (i.e., for marketing purposes).

Implications of the GDPR for contact centers

At first glance it may seem that this won’t affect offshore call centers, but as long as your company handles or processes the personal information of EU citizens, you’re liable under the GDPR. Here’s how the GDPR will affect your contact center.

1. It may increase data protection investments.

With the deadline nearing, companies are expected to ramp up their expenses with regards to improving their data security protocols. According to a PricewaterhouseCoopers’ survey, 77% of its respondents plan to spend up to $1 million or more in order to comply with GDPR requirements.

2. There will be more stringent data breach protocols

The GDPR has safeguards that ensure privacy disasters—such as Uber’s massive 2016 breach and its subsequent cover-up—will be alleviated or fixed in a short window. The EU will be enforcing a 72-hour window for reporting security intrusions at the time such breach was discovered. Protocols for vulnerability impact assessments are also present to mitigate and address such glitches, especially on zero-day—the day the bug was discovered.

3. Massive penalties may be imposed

The EU will be imposing huge fines for failing to uphold the provisions of the said legislation. In fact, for noncompliance and neglect for privacy alone, a company can be sanctioned by the trade bloc to pay up to 20 million or 4% of a company’s global annual turnover, whichever is higher, on a case-to-case basis.

4. Consumer empowerment will be observed

Call center processes will have to be modified or changed to comply with the standards set by the GDPR. The updated data protection law will uphold the importance of consumer consent, as seen with the rights it protects, such as right to erasure and right to object. One of its effects would be felt on how contact centers use call recording and archiving as stricter policies will be placed around these.

Despite the seemingly difficult road ahead, it’s important to comply with such standards to further improve your call center and to enhance the way you protect your customers’ data.