The game is about to change. Big time. EU’s General Data Protection Regulation (GDPR) which is lurking just around the corner- May 25 th 2018, is going to completely revolutionize the way organizations need to look at private data. European citizens, also referred to by GDPR as the data subjects, are about to be granted complete ownership of their private data. Sounds empowering, right?
Well, that depends who you’re asking. For our customers in Contact Centers, this brings to the table a whole new set of challenges and concerns. In just three months from now, organizations will need to comply with a set of stringent requirements such as recording consent, data portability and the Right to be Forgotten. Bear in mind that the impact of GDPR not only concerns our European customers, but also any global company providing its services to European data subjects. And the stakes are high. Penalties for non-adherence with GDPR are unequivocally large. We’re talking 4% of the annual turnover, or 20 million Euros – whichever one is highest!
Why Our Customers Choose NICE
Compliance Center couldn’t have come at a better time for GDPR adherence! Unlike most data-driven and siloed tools, the Compliance Center is a holistic solution that allows our customers to be fully prepared for GDPR. Not only does it provide the ability to spot violations without undue delay, but it also allows our customers to easily and independently take corrective actions. The solution caters to four main concerns that I hear anxiously voiced when it comes to complying with the GDPR:
Associating interactions with the data subject.
At the most basic level, organizations need to be able to associate interactions with data subjects in order to comply with several GDPR requirements (e.g. right of erasure, right of access, right of data portability). Without this essential capability, extracting and/or deleting customer data is akin to finding a needle in a haystack. Organizations must also have the ability to do this across all channels, or they run the risk of only having half the information available. Through Compliance APIs and by means of advanced data tagging, interactions belonging to a certain data subject across ALL channels can easily be retrieved upon demand, within a few clicks only.
Although the GDPR is very clear that data subjects must explicitly opt in to having their data processed (collected, stored, used), the regulations around recording consent are somewhat more grey. It states that all people involved in the call must provide their consent to be recorded, but the regulation does not specify if this must be explicit or implicit. Through advanced analytics capabilities, Compliance Center can identify if there was a regulation breach whereby no recording consent was given.
Right for data portability.
Article 20, GDPR states that the data subject has the right to receive their data, which they have provided to a controller, in a structured, commonly used manner, for example in CSV format. Again this can be like finding a needle in a haystack for data controllers if they don’t have the ability to retrieve all associated interactions belonging to a certain data subject in the first place. Compliance Center consolidates all customer data from all channels with just a few clicks. This is thanks to Compliance APIs data tagging capabilities making retrieval instantaneous.
Right to be forgotten.
Perhaps the most talked about concern in GDPR is the Right to be Forgotten. This states that data controllers must comply with data subjects’ requests for erasure and do so “within one month of receipt of the request”. Compliance Center also tackles this challenge with dedicated tagging and deletion mechanisms in addition to advanced automated workflows to satisfy such requests. The Compliance Center not only allows multi-channel deletion in a single command, it is also scalable with bulk deletion for large scale of interactions. With dedicated dashboards, Compliance Center then allows you to analyze and understand deletion statistics.
Of course, the Compliance Center guarantees the security of your processing by using the most advanced security standards. Based on Engage, the market leading recording platform, with end-to-end media encryption (in adherence with the encryption technology proscribed in the GDPR) protecting information during every stage of its lifecycle: capture, use, transmission, and storage. With Compliance Center, encryption can also be performed on historical interactions, as a corrective measure.
GDPR Hocus Pocus
What I can say, is that there is no magic button when it comes to GDPR compliance. Late-comers to the compliance party may be surprised at the complexity of adhering to the many rules and regulations; as well as the complexities of adhering to multiple regulations simultaneously.
Does this cover your organization’s main GDPR concerns? What else is your organization struggling with? Let me know in the comments section below: