The General Data Protection Regulation (GDPR) is arriving. Businesses in the European Union (EU) and anyone that collects, stores, or uses EU citizen personal data is impacted. Many see complying with GDPR as a cost to the business, but I think it could be a benefit to the call center. Complying with GDPR will help ensure that the personal data collected and used at the contact center will be better protected.
To explore the contact center angle further, I reached out to Erik Ashby, principal program manager at Helpshift, a customer service-focused company providing AI-powered Web and mobile-based solutions. Here's how our conversation went.
How are U.S. organizations responding to GDPR?
The U.S. organizations that we work with have been taking GDPR very seriously. This is due to a general increased effort by U.S. businesses to secure and protect personal data, coupled with the importance of being able to provide services in a global market. These companies are applying the principles of GDPR across the board and not just to their European customers.
Will complying with GDPR improve U.S. organizations?
Absolutely. GDPR provides a framework that companies can use to measure themselves against. The core of GDPR is about securing and protecting a person's data, ensuring a person's rights with respect to their data, and holding companies accountable in how they handle a person's data, or respond to their requests when invoking their rights. These are basic good business practices that ensure trust by people who use a brand. In addition, we have recently seen in the news (thanks to Facebook) what can happen when personal data is not appropriately protected.
What is the effect on the call center?
GDPR has two key impacts on a call center.
First, call centers often collect, have access to, and manage personal data. During the support process, agents can capture email, logs, phone numbers, and other private information as part of the process. As such, call centers need to be aware of GDPR and need to understand how they manage, protect, and ensure the customer's rights around data collected during a support interaction.
Second, call centers can also become the center for handling GDPR requests. If a customer has a privacy concern or decides to invoke a right with respect to their personal data, the support center may be tasked with handling that request. For example, if a customer who has been using a brand wishes to terminate their interaction and invoke the right to be forgotten, this task will often be done through the call center. Call centers should prepare for an increase in support cases related to GDPR.
Will agents need more training for GDPR?
This depends. Some companies will find that GDPR is just an extension or formalization of their existing privacy and security practices, while others may need considerable adjustment to comply with these standards. Assuming that a company has had good security and privacy policies in place, most of the new training will be related to how to interact with customers who invoke a specific right: For example, the process that agents follow when a customer asks to have a copy of their data.
Will online sales be impacted? If so, how?
Any service (including online retail) that needs to capture and manage private data is impacted by this. As we have seen by the recent Facebook privacy scandal, the importance of protecting private data goes far beyond online sales and includes gaming, retail, home security, business productivity, and more. All of these segments are impacted.
Talk about AI and bots relative to GDPR.
Both AI and bots can help customers manage their GDPR requirements:
AI can be used to help identify GDPR risks in systems or processes that may expose private data. A simple example is that AI could automatically identify if a transaction includes unnecessary private data and automatically flag this as a risk.
Bots can help manage the increase of GDPR requests. Many of the user rights (such as the right to be forgotten or the right to data portability) can be automated through the use of a bot. Bots can interact with persons who have GDPR concerns and in many cases resolve them without the need to involve a human agent.
Who needs to be GDPR compliant, Helpshift or your customers?
Both. Helpshift is considered a data processor for our customers. We are responsible for ensuring that a person's data is protected and secure. Our customers are responsible for interacting with the person to respond to their GDPR requests and for ensuring that the support team appropriately protects their private data. We provide tools, processes and the legal framework by which our customers can be GDPR compliant and the platform to manage GDPR requests.
What are the anticipated costs of compliance?
Customers will see an onboarding cost as they go through the assessment of their current system, and develop their data catalog, internal tools, and processes. There will also be additional cost as they learn to manage GDPR requests. However, over time these costs will level out as they automate the processing of GDPR requests, and as GDPR guidelines become part of normal processes.
Are U.S. organizations' staff ready and qualified?
Not everyone. The good news is that with recent events, companies can see the real business impact and risk of failing to properly manage private data. The result is that we are seeing companies taking the steps needed to become qualified.
Related content: