Opinion

EU’s General Data Protection Regulation to shake up customer service communications

5 min read

03 May 2016

Customers now require consistent service standards across email, social media and telephone communications, leaving it up to businesses to tackle the technical challenges this poses.

In order to deliver the highest levels of customer service and experience across all mediums, businesses in the UK have to store and access huge amounts of customer data that will soon be subject to the European Union’s General Data Protection Regulation (GDPR).

British consumers are largely unaware of this extensive makeover of Europe’s dated privacy laws and businesses must rise to the challenge of complying with the new regulations without compromising the quality of customer communications.

To provide the kind of 24/7 support that customers expect, many UK businesses have developed networks of onshore and offshore call centres, online data stores and document repositories. But with the implementation of the GDPR, companies must reconcile customers’ demands to access data any time, anywhere, on any device, with the limitations that these strict new guidelines place on data usage, processing and transfer.

The guidelines state, for example, that data must be processed transparently for a specified legitimate purpose and that the subject of the data must be made aware of why it is being processed, how long it will be stored for and how to request its erasure. Failure to do so could result in fines of up to €100m or five per cent of global revenue (whichever is the greater amount).

When engaging with an organisation, customers want to have multi-threaded conversations, without any fluctuation in the level of service or experience. At the same time, organisations must adhere to the highest data protection standards.

Read more about data protection:

The EU last drafted data regulations in the mid 1990s, before the internet was fully established. The GDPR is at the forefront of data protection legislation and the rest of the world is likely to follow Europe’s lead.

In fact, the GDPR’s reach extends beyond the EU and the legislation is applicable to any entity processing the data of EU citizens, even those entities based elsewhere, so whether Britain votes in or out, British businesses dealing with EU subjects will still have to comply with the regulations, as will any offshore service providers they use.

Organisations using the data of EU subjects will have to meet the GDPR’s data security requirements, incorporating data protection safeguards into all their processes and across all their channels.

Those working with offshore service providers will need to verify that they are fully compliant with the GDPR, particularly where customer data is transferred to jurisdictions where data protection standards may be lower.

Take the example of a customer asking for a copy statement. This sort of simple customer service request would typically be handled in a low-cost jurisdiction outside the EU. However, an offshore call centre with access to the data of EU citizens will now need to ensure that it operates in accordance with the GDPR.

The more robust new regulations have driven developers to build third generation secure document repositories. These digital data vaults use multiple layers of security to enable the remote document access businesses and customers need, whilst complying with all relevant legislation.

Compliant secure document repositories can take away the headache of interpreting and applying the new regulations to the management of customer documents, facilitating GDPR compliant access to the data these documents contain and reducing the risk of data exposure.

The digital age has made consumers grow weary about what happens to their data. As such, we talked with experts from Striata to find out which steps businesses can take to establish a relationship of trust.

Mike Wright is CEO of global paperless communication specialist, Striata.

Image: Shutterstock