In our continuing series on GDPR and the contact center, we’re going to turn our attention to a major change in regulation as we approach the deadline for the enforcement of the GDPR: the definition of personal data.
Under the GDPR, what constitutes personal data has been greatly expanded to reflect changes in technology and consumer behaviour. Contact center practitioners need to be aware of this expansion and manage the associated risks.
Article 4 of the GDPR widens the definition of personal data to include “an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. This is a radical change with wide-ranging implications. Just a few examples of the challenges that contact center professionals must wrestle with are:
- Do you record calls?
- Does your web-chat system log IP addresses for visitors?
- Does your mobile app store fingerprint data for authentication? (Or do you plan to use face-recognition technologies for verification?)
- Do your social messaging applications scrape social details from users’ profiles?
- Are you storing credit scores or other financial details?
- Do you collect information on ethnicity, first language or other social identifiers?
Most contact centers that I know execute at least one of the above. The first part of responding to these challenges is being aware of the paradigm shift that took place when the GDPR was passed into law. Our response will be outworked in a number of ways (that we’ll discuss as part of this series) including issues like consent, purpose, pseudonymisation & encryption, and privacy by design amongst others.
How can Cirrus help?
As an integral part of our cloud Contact Centre-as-a-Service (CCaaS) offering, we’re building in provisions for managing risk and demonstrating steps to compliance right “out of the box”.
This week’s blog post was written by Glen Blow, Product Director.