Blog

5 Ways a Bank’s Contact Center Becomes GDPR Non-Compliant

From the moment the EU’s General Data Protection Regulation (GDPR) was finalized in April 2016, there was a sense of impending doom for business leaders. The data privacy standard would go into place in May 2018 and two years was about to go by very quickly.

So many articles emerged warning business leaders to take action before it was too late. Now, we’re almost a full year into GDPR enforcement and banks are feeling the impact.

In the first 3 years of GDPR, banks are expected to be penalized with fines up to €4.7 billion. With a single fine for non-compliance costing €20 million or 4% of global annual revenue (whichever is largest), banks can’t afford to fall short with GDPR.

One aspect of your business that needs to adapt to GDPR is the contact center. As a data controller, your contact center falls under the scrutiny of GDPR requirements, forcing you to shift from some traditional systems and processes.

Don’t let the following 5 pitfalls make your bank non-compliant with GDPR and lead to significant fines.

1. Assuming Consent with Call Recordings

In the past, you might have recorded contact center calls for the sake of quality review and historical reference. Now, under GDPR, your ability to record calls is restricted.

The main theme of GDPR is consent. If consumers aren’t explicitly consenting to data collection and, in the case, call recording, you could be GDPR non-compliant. To make things a bit clearer, GDPR says you should fulfill at least one of the following six conditions to record calls:

  • Recording the call is essential for contract compliance
  • Having a call recording is a legal necessity
  • People on the call have specifically offered consent for recording
  • The call recording is critical for someone’s protection
  • The recording is necessary for public interest
  • Call recording is in the best interest of your company (unless those interests are less important than those of participants)

By addressing these conditions, you can record calls without breaking compliance. However, you’ll likely be recording far fewer calls than in the past.

2. Maintaining Data Storage Status Quo

It’s no secret that banking contact centers should regularly update customer data. However, the stakes are higher now that GDPR is in effect. Any data breach will result in significant fines. And because GDPR applies specifically to EU citizens, there are strict rules regarding cross-border data transfer for global banking brands.

One difference between your usual approach to data storage is that GDPR includes the Right to be Forgotten. This means that a customer can request that your contact center erase all of their data from your systems and you have one month to comply.

You need efficient processes and systems in place that will help you track granular pieces of customer data so you can easily delete that information upon request. It’s a new challenge for banking contact centers, but one that is essential for GDPR compliance.

3. Leaving Customers in the Dark Regarding Data

Another core component of GDPR compliance is making it as easy as possible for customers to access the data you have about them. Much like when addressing the storage challenge, you need efficient ways to track customer data so your contact center representatives can collect necessary information as quickly as possible.

One difference between data storage and this level of accessibility is that, when requested, you must be able to present all relevant, stored information to a customer in a structured digital format.

Many banking contact centers may already have the ability to track customer data on an individual level. But the ability to prepare that data to be shared with the customer seamlessly adds another layer of complexity.

Once a customer has requested the digital collection of his/her data, your contact center representatives have one month to comply.

4. Treating GDPR Compliance as a One-and-Done Process

GDPR compliance isn’t a one-time hurdle—it’s an ever-present demand for data protection that will change the way contact centers are organized and operated.

Once you achieve GDPR compliance, you can’t sit back and assume your business will stay that way forever. Your contact center needs constant monitoring and auditing to ensure GDPR requirements are met and that you’re adapting accordingly to database changes and new cyber threats.

One way to help maintain GDPR compliance is to stop using volume database metrics to track the success of contact centers. It doesn’t matter how many email addresses you keep in the system if it’ll just lead to non-compliance. Focusing on consent and building customer relationships will keep you compliant and drive business results.

5. Banking on PCI DSS Compliance to Cover You

For all the attention being paid to GDPR compliance, you might sit back and think to yourself—we’ve done all of this to achieve PCI DSS compliance.

Banks should already have processes and systems in place to protect card data through regular auditing and advanced cybersecurity measures. And even though PCI DSS compliance can go a long way toward helping you prove GDPR compliance, they aren’t entirely transferrable.

For your banking contact centers to maintain GDPR compliance, you have to go the extra mile to figure out which data requires protection outside of the PCI DSS purview. Once you can apply your PCI DSS framework to that additional data, you’ll be able to avoid costly penalties.

Get the Technology You Need to Support GDPR Compliance

Employee training and organizational awareness are critical components to GDPR-compliant contact centers. However, understanding the need for greater data privacy processes is only part of the battle. You need software solutions that will support a compliant banking contact center without hindering productivity.

That’s why unified contact center solutions are so helpful in the age of GDPR. They bring all of your customer data together under one umbrella, making it easier to protect, organize, and access.

Button Yellow Buyers Guide

If you’re looking to upgrade your contact center technology to better support GDPR compliance, check out this free buyer’s guide to discover what, why, how, and when to purchase.