The Impact of the General Data Protection Regulation (GDPR) in the Contact Center


Share on LinkedIn

Sparkcentral GDPR Contact Center

2018 is a big year for data protection. The General Data Protection Regulation (GDPR) is a significant piece of legislation designed to strengthen and unify data protection laws for all individuals within the European Union (EU), but businesses that operate outside the EU should still be aware of this regulation, as the upcoming changes in legislation present an opportunity to improve efficiency in processes relating to data handling.

The contact center is no stranger to personal data, and in our interconnected world, many companies serve international markets. Personal data is used to identify, track, and assist customers and the companies handling this data must be responsible. Contact centers risk data breaches from personnel, third-party integrations, and their day-to-day technology. When selecting software vendors, it is important to select ones that mitigate the risk of breaches. Under the GDPR, authorities can fine organizations up to €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Protect your contact center and your brand’s global reputation by partnering with GDPR-compliant vendors.

What is the General Data Protection Regulation (GDPR) and who does it apply to?

The GDPR applies to all companies that process personal data of EU residents, no matter the company’s location. The EU has mandated updated overarching privacy and data security standards to protect its residents. This is the first global data protection law set by the EU and means that any company that handles information relating to EU residents will have to comply with the requirements of the GDPR.

What are the implications of a data breach or non-compliance?

The contact center is a vulnerable part of your business as customer information is collected, used, and sometimes stored to provide service. The risk of fraud is ever-growing, and many organizations have stated that they have a focus on strengthening their data security practices. The timing of the GDPR aligns with these 2018 goals. Forrester predicts that 80% of firms affected by the GDPR will not comply with the regulation by May 2018. We refuse to be part of that statistic. At Sparkcentral, we believe your technology vendors should lead the way in enabling security best-practices, and we have a reputation for delivering on that ideal. While it is the responsibility of a brand to ensure they’ve selected a secure technology vendor, we believe that you shouldn’t have to pick between a superior workflow and data security.

What is included in the GDPR’s definition of “personal data”?

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. The concept of “personal data” is very broad under the GDPR and covers any information relating to an identified or identifiable individual (also called a “data subject”). Basically, think of this as any piece of information you could use to determine who a person is and the information associated with their unique identity. Since you could identify someone by their photo, email address, social media posts, the handling of this information is covered by the GDPR.

This regulation gives data subjects more rights and control over their data by regulating how companies handle and store the personal data they collect. The results of being in breach of the GDPR are increasingly significant and may be enforced with heavy fines. Ultimately, the GDPR improves EU individuals’ privacy rights and significantly increases obligations on organizations handling data owned by EU subjects.

GDPR at a glance:

  • The GDPR becomes effective on May 25, 2018, and applies to all companies handling the personal data of European Union residents
  • There are 28 states in the European Union and 100% of companies handling information for EU residents must comply with the GDPR
  • The GDPR is replacing 1995 Data Protection Directive and is intended to protect individuals’ right to privacy in a modern world
  • “Personal data” is any piece of information you could use to determine who a person is and the information associated with their unique identity
  • Contact center agents have access to personal data in order to assist customers, so they need GDPR compliant technology
  • Under the GDPR, authorities can fine organizations up to €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred

What should your customer engagement platform partner do about GDPR?
Achieving your organizational security goals can be a challenge, but the right partner providing customer engagement solutions should make GDPR compliance effortless for you. To help you focus on serving your customers, instead of navigating regulations, make sure that your platform provider will be GDPR compliant before the May deadline.

At Sparkcentral we’re investing in GDPR preparedness so that our customers can feel confident in their ability to protect their customers’ privacy across the world, especially in the European Union. If you want to learn more about the GDPR and Sparkcentral’s plan for compliance, check out our GDPR page.

Image: Sparkcentral

Krysta Gahagen
Krysta is a Product Marketer at Sparkcentral, the leading digital care platform for issue resolution. Krysta currently works with customer-centric brands to develop and strengthen successful social and mobile service strategies based on industry trends and proven results.


Please use comments to add value to the discussion. Maximum one link to an educational blog post or article. We will NOT PUBLISH brief comments like "good post," comments that mainly promote links, or comments with links to companies, products, or services.

Please enter your comment!
Please enter your name here