GDPR is one year old – Are You Ready?

The headline on April 24, 2019 read, "Facebook expects to pay up to $5 billion in fines to FTC for privacy violations."  Ironically, Mark Zuckerberg, Founder and CEO of Facebook is one of several business leaders who have been pressuring legislators for more clarity on privacy rights. All businesses, and especially those that sell access to micro-targeted audiences, need clear and consistent regulations.  Aware of widely publicized data breaches, consumers are demanding more control over their private information. So where do we draw the line?  The member nations of the European Union tackled this problem head-on. The resulting General Data Protection Regulation (GDPR) went into effect May 25, 2018.

With the regulation in place for one year, European authorities are flooded with reports of data breaches and complaints of mishandling personal data. In just the first 8 months after the law became effective EU citizens reported 59,000 personal data breaches.  The largest penalty to date was for $56 million¹ but many complaints have yet to be adjudicated.

US companies cannot dismiss the GDPR as strictly a European issue. The law also extends to organizations outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. The GDPR serves as a template for similar laws in Brazil, India and Indonesia and the new California Consumer Privacy act of 2018.  GDPR will affect the landscape of privacy laws and compliance for years to come. 

GDPR, and other privacy-related regulations, are especially important to contact centers. Because of the sheer volume of interactions, high turnover among the employees, and a general lack of detailed knowledge about applicable laws and regulations, contact centers are particularly vulnerable to unintentional compliance breaches.  The consequences can be very significant, both in terms of financial penalties and damage to business reputation. 

In response, contact centers are implementing processes and making investments to help assure compliance. Examples of necessary technology investments are flexible recording systems, enabling real-time capabilities and leveraging analytics and automation to pinpoint risks and enable prompt actions.  Consumers and regulators can demand electronic copies of these interactions and the turnaround time is very short. 

If you haven't focused on privacy this year, now is the time to get started. Propelled by GDPR, major nations around the world are formulating new laws or strengthening existing statutes.  Take the initiative now rather than play an expensive game of catch-up later. 

Our new white paper, GDPR One Year Later - Where Do We Go from Here? authored by Pelorus Associates and presented by NiCE Systems, details these actions and explains how the NICE Compliance Center can help assure that you remain on the right side of laws and regulations governing consumer privacy rights. Click here to access it.

¹https://www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc