The GDPR is not only changing the way organisations think about data; it is changing how consumers think about data as well. Data is no longer just an asset gathered by organisations from customers and end users; it is now also an asset for customers.
The GDPR brings with it the concept of the data subject (the customer) and data subject rights, and with that the right to access, to be forgotten, to data portability, to privacy by design and the obligation to notify breaches. What these new rights mean is not entirely clear to organisations just yet but one thing is definitely clear – customers and end users now have more power to control how their data is used and what it is used for. This is uncharted territory for many (if not all) organisations, and the threat of hefty fines for non-compliance means organisations cannot afford to make any mistakes.
A new Journey in a More Complicated Landscape
For contact centres in particular, GDPR poses many interesting challenges. The Right to be forgotten, for example, presents an existential problem for the way many contact centres are set up. For example, contact centers often operate multiple data recording and CRM systems simultaneously. These systems are designed to remember and integrate as much customer data as possible – the exact opposite of erasure. The GDPR therefore calls for a design overhaul of these systems, hence the horrified IT manager.
The Right to Be Forgotten is not only a technical challenge, it is also a problem as it can clash with other evidence keeping requirements. Our customers often ask: “What can I do if the same interaction that was deleted must also be used as evidence?” So the challenge is twofold: it’s about finding the right interactions and deleting the right amount of information to ensure compliance.
A New Relationship with the Customer
Under GDPR, the customer will have more control than ever over how their data is gathered, stored and processed. At any given time, the customer can ask for any information an organisation is holding that concerns them. They can also ask that the data be erased. “Privacy by design” and mandatory breach notification (within 72 hours) will also become mandatory.
This new layer of transparency is bound to transform the customer journey and what the customer expects when they interact with any organisation. For example, when it comes to consent, the new regulation states that all people involved in a call must provide their consent to be recorded. And although the regulation is not entirely clear on if this must be explicit or implicit, failure to comply would still be considered a breach.
A New Age of Customer Trust
This new requirement for consent will increase trust between customers and the organisations they do business with. For organisations, the knowledge that your customers have given informed consent to use their data can be very empowering. It shows that the customer has taken a first positive step in engagement. Once you have the customer at your fingertips, this can be leveraged to nurture a more trusting relationship.
The ambitious “right to data portability” also presents an opportunity for organisations to impress customers with their honesty and transparency. With customers now able to require an organisation to provide them a copy of personal data that they have previously provided, if you can provide it immediately, you will readily demonstrate efficiency and a positive customer experience.
Embrace ‘Privacy by Design’
Random compliance checks are not enough – The GDPR calls for ‘privacy by design,’ that is, privacy integrated into every facet of products and services. Moreover, the regulation also demands data minimisation, meaning that companies only collect necessary data. A first step to approaching this, is understanding exactly what personal data you are storing and where it comes from. By analysing your databases and speaking to a cross-section of your organisation, from customer facing employees through to managers and CIOs, you may be surprised at the amount of personal data being stored and used in your organisation. You may be relieved to get rid of some of it and create new policies regarding which data to store in the future.
For many organisations, the mere mention of GDPR causes anxiety and trepidation. But from my experience, GDPR also presents an incredible opportunity to redefine how we derive value from our interactions with customers. By putting the right processes in place, GDPR could actually present a new opportunity to enhance the customer journey and bring new levels of satisfaction to the relationship between customers and organisations.