Don’t get me wrong, our customers in contact centers initially met the GDPR with just as much trepidation as anyone else. However, I have found from working with our customers, that those who embrace the GDPR, using it as an opportunity for compliance transformation, have a lot to gain by going beyond compliance and taking a holistic approach to securing and maintaining the integrity of their systems.
Here are some activities that can be greatly beneficial for you to carry out, to create business value and future proof your business. Getting your compliance ducks in a row in preparation for the GDPR could hold great potential for a more efficient use of resources and more effective insight generation from information collected in the contact center.
Leverage Customer Engagement
The GDPR promotes customer trust all round - for example, requiring customers to give explicit consent before using their data. It also promotes customer trust in more indirect ways – for example, the GDPR complicates the use of third parties. This will likely lead organizations to reduce their reliance on them, bringing data control in house, in a more tightly regulated environment. Knowing with complete confidence that your customers have given informed consent to use their data is empowering for organizations. It shows that the customer has taken a first positive step in engagement. Once you have the customer at your fingertips, this can be leveraged to nurture a more trusting relationship.
Embrace ‘privacy by design’
Random compliance checks are not enough – The GDPR calls for ‘privacy by design,’ that is, privacy integrated into every facet of products and services. Moreover, the regulation also demands data minimization, meaning that companies only collect necessary data. A first step to approaching this, is understanding exactly what personal data you are storing and where it comes from. By analyzing your databases and speaking to a cross-section of your organization, from agents through to managers and CIOs, you may be surprised at the amount of personal data being stored and used in your organization. You may be relieved to get rid of some of it and create new policies regarding which data to store in the future. This is the time to be asking these questions.
Acquire a Data Santa Claus
Introduced in Article 37 of the regulation, all public authorities, or organizations that engage in large scale systematic monitoring or processing of personal data, should have a Data Protection Officer who has “expert knowledge of data protection law and practices”. This data Santa Claus will inform and advise, and monitor compliance. This additional expertise will guide you through the labyrinth of data protection, monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, training data processing staff, and conducting internal audits. Each organization can leverage this knowledge and capability to protect and future proof their business.
This is where we come in
NICE’s GDPR solution goes hand in hand with all these activities. Based on NICE's market-leading Engage recording solution, it allows for the recording and verification of customer consent to ensure that no sensitive data is stored. Furthermore, it addresses the security aspects of the regulation with sophisticated media encryption, dedicated anonymization processes and authorization controls, to ensure that access to sensitive data is strictly limited. The solution also allows you to quickly retrieve customer’s interactions across channels, in order to comply with GDPR Right of Erasure and Right of Portability, etc. You can create policies for storage, encryption, retrieval and deletion. You can then delete customer interactions, put them on litigation hold, or create future policies regarding specific interactions, in a few simple clicks.
Ready to make the changes? Learn more about our GDPR solution.