GDPR Requires a New Approach to Data Protection in Customer Care

By José Márquez-Martínez - March 20, 2018

On May 25, 2018, things get serious: The new General Data Protection Regulation (GDPR) has been passed and will come into force in all European Union countries. This creates new requirements for the handling of personal data also in the area of customer care. The GDPR particularly affects call centers and online applications where personal data is exchanged every day in dialogue with customers.

Amidst the increasing importance of data in everyday life, the new regulation aims to strengthen the basic right of EU citizens to protect their own data. All companies and providers of customer care services that run their services in EU countries must comply with the new statutory provisions by May 25 at the latest. However, how does the GDPR affect the handling of customer data in your call center  and online solutions – and how does this change your daily customer care business?

1. Customers Gain Sovereignty over Personal Data

At the core of the GDPR is the protection of personal data and transparency in the way this data is used. All applications in your service network are affected: This includes the helpdesk software being used, the registration of service tickets, payment services for billing repairs outside the manufacturer’s warranty or other payable services, as well as applications for recording customer calls. Customers have the right of access and the right “to be forgotten” once the service is over. Call centers must adapt their systems and processes so that they can provide their customers with access to their personal data on demand.

2. Outsourcing Does Not Make You Exempt

A large proportion of smartphone and consumer electronics providers have outsourced their call center operations to external service providers to ensure global availability and 24/7 services in multiple languages. However, this does not make you exempt from monitoring the GDPR compliance of your outsourcing partners. As a brand, you act as the main contact person for your customers, even if external service providers render the actual service on your behalf. According to the GDPR, this means that you are the data controller and you need to ensure that your service providers align their systems and processes with the regulation.

3. Your Good Will Counts

Companies that do not comply with the new GDPR requirements will face severe penalties of up to four percent of their annual turnover or 20 million euros. The good news: Good will counts. Even providers that have already implemented small steps such as the safe handling of passwords should initially be spared from prosecution. The number one priority for your call center should be to launch initiatives to ensure GDPR compliance. Anyone who can prove that they have taken the necessary steps and who has developed a clear awareness of the significance of data protection should at first only receive a warning upon inspection.

4. Clearly Define Responsibility for GDPR Compliance

Regardless of whether you are one of the compliance champions or one of the GDPR latecomers: Define a clear responsibility in your organization for implementing the new requirements. Ideally, there will be someone at management level who is responsible for overseeing GDPR compliance. GDPR is not a one-off project, but rather will keep your company busy for many years. Make provisions, develop competency and delegate responsibility to a trustworthy person who will manage GDPR compliance as a process over the long term.

5. Compliance Is a Journey, Not a Goal

Compliance with GDPR is a process of transformation for companies – a process that is gaining momentum due to the May date, yet realistically, it will not be completed that quickly. Call center operators and all companies that deal with the processing of customer data on a daily basis will continuously focus on optimizing their processes and systems in the coming years. The new awareness for security when handling personal data combined with new technologies have set an innovation process in motion that will go well beyond May 25. This will ultimately lead to a better quality in handling data – and in the end, all those involved will reap the benefits.



About the Author

José Márquez-Martínez

José is Product Development Manager at B2X.