Any lingering doubts about the post-Brexit future of the EU’s flagship data protection reforms in the UK were put to bed in August when the government announced a new Data Protection Bill incorporating the main points of the GDPR.
That means, from May next year and into perpetuity thereafter, UK businesses will, like their European neighbours, be subject to much stricter regulations on how they collect, handle, and use customer data.
Businesses which run a contact centre will feel the changes as keenly as anyone. With the advent of omni-channel contact, and the rising importance of analytics and CRM integration in the quest to offer ever better levels of service, data collection has become an integral to how the modern contact centre operates.
WIth the GDPR on the horizon, and the Data Protection Bill to carry on its legacy post-Brexit, contact centre operators will have to take a fresh look at their data handling practices. The new rules will require a change of philosophy, but also lead to inevitable questions about the technology deployed in the contact centre, and whether current solutions are fit for purpose in the new regime.
A question of service
Service has become a key business battleground, with competitors vying for supremacy by offering increasingly personalised, responsive and immediate solutions to customers. This has in large part driven the rise of the contact centre itself, and the demand for better service has largely been answered by technology. Right in the middle of that, data collection and analysis has played a critical role.
The average customer would be shocked at just how much data businesses collect about them. This activity largely goes under the radar, but is crucial to delivering the levels of service customers now expect.
For example, it is standard practice for businesses to record and map trails of contact with customers – details of site hits, items browsed, purchase histories, logs of comments and likes on social media, as well as the more obvious phone calls, emails, web chats and so on. Armed with this information, the modern digital business can personalise service.
They might send exclusive offers timed to coincide with a birthday, or ‘we miss you’ tempters when a regular customer hasn’t been seen in some time. Or it might be a case of improving response times and satisfaction rates by ensuring every agent has immediate access to details of previous contact so they can pick up the thread of a query quickly.
These are aspects of service consumers increasingly expect, but depend on data collection processes they have little awareness of.
One of the fundamental aims of the GDPR is to bring those hidden processes into the light. Regardless of whether the outcomes of data collection are positive for consumers, the GDPR establishes the principle that everyone has the right to know what information companies collect about them and what it is used for. It also states that people have the right to ask for data collection to be stopped and all existing records about them deleted.
Consequences of GDPR in the contact centre
Contact centres are used to telling consumers that calls are recorded for training and security purposes. They are also used to strict rules governing the processing of financial data, such as the PCI. One of the big changes under the GDPR is that it will expand these privacy and security obligations to cover a much broader range of data. On top of call recording, operators will be expected to make it clear how all forms of customer communication are stored, processed and used, as well as providing an opt out.
Strict rules on protecting against potential data breaches will not only apply to sensitive financial details, but to anything which could identify an individual – names, email and IP addresses, dates of birth, post codes, usernames, phone numbers and account numbers. Businesses will be obliged to adopt ‘privacy by design’ as a principle, building data protection into the foundations of how they run their contact centre.
This will have a number of practical consequences. Contact centre operators will have to think more carefully than ever about data security. In the event of a breach, if a company is found not to have met the data protection criteria set out by the GDPR, they could face a fine of up to 4 per cent of turnover.
As well as system security in the form of firewalls and anti-malware protection, businesses will have to think more carefully than ever about access permissions. In integrated CRM and contact systems, a business must be able to justify who has access to each category of customer data, explaining why it is necessary to the core function of the business. Open access across a business because it is convenient, or to support incidental functions, will not longer be acceptable.
This will be a particularly sensitive area in outsourced contact centre operations. In these arrangements, the main client company outsourcing the work will held accountable for ensuring the customer data they make available to the third party is appropriately protected.
In this environment, access and security administration could become a key point of difference when selecting contact centre solutions. Businesses will look for systems which balance sophisticated access control options, backed by robust security, with as straightforward a UX as possible.
Another key issue will customer consent and control. For contact centre and service operations which use advanced analytics to track customer journeys, explaining exactly what data is collected and why presents its own challenge. Explaining how Big Data algorithms map, profile and predict behaviour in order to offer a better customer experience is not easy. On top of that, there is the requirement to give customers access to their own data on request, and erase it if asked to do so.
All of these will have to be built into the data management systems. Protocols for giving customers secure, private access to their own records will have to be established. But for that to happen, the data must be catalogued and stored in a way which makes it easy to access if required.
For any individual customer, company will need to have full oversight of all the data they possess about them. Long, loose trails of records stored in many different locations will make it all but impossible for businesses to identify all the data they possess on any one customer. Better integration and archival management is therefore important to remaining compliant.
Contact Centre Series Sponsors
8×8 is the provider of the world’s first Communications Cloud that combines unified communications, team collaboration, contact centre and analytics in a single, open and real-time platform.