Understanding The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is designed “to protect all European Union (EU) citizens from privacy and data breaches. The rules affect professional and commercial activity. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location”. If your business operates internationally and has locations within the EU, or has clients within the EU, you should be ready. “Any processing of personal data and the permissions to use that data has to be transparent. The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used”. GDPR was approved in April 2016, with a transition period before enforcement in May 2018.
Will you be ready when the post-adoption grace period comes to an end? If you are not in the EU but have clients that are, and you deal with their personal data, you should be getting ready and should have a solution in place, if you have not done so already. It is important to understand what is considered personal data. “Any information related to a Natural Person or Data Subject, that can be used to directly or indirectly, identify the person,” is considered personal data.
Keeping up with the changes and compliance efforts can be an overwhelming task. You will need reliable and accurate solutions in place. How you share the data is key. If you are a retail vendor with online services, you collect personal data with every transaction. This includes instant message (IM) interactions, calls into your contact center, and the online order process. If you have a team troubleshooting via video chat or meetings, including a shared meeting center, that needs to be considered as well. A compliance solution will need to be able to track all these interactions to help keep the data safe and easily accessible. Recording and saving this data so that it is easily accessible will require businesses to have a Unified Communications (UC) Reporting and Recording solution in place, one that tracks all interactions from the moment the customer calls in to initiate a purchase down to any issues they may have with the transaction. To satisfy the requirements, you will need to be able to provide proof of contact for calls and online interactions, including voice, video, and conference calls made and received, if any personal data is involved. As a retail vendor, you may have hundreds to thousands of inquiries per day.
The cost of implementing a new UC Compliance Solution is greatly outweighed by the possible penalties incurred for non-compliance. “Under GDPR, organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts”. Avoiding the fines is well worth the upfront investment. Losing your profit margin to avoidable fines could cause substantial damage to your bottom line.
“Key Changes with the General Data Protection Regulation.” EU GDPR Portal,