The EU General Data Protection Regulation, GDPR, grants and protects the rights of individuals – our customers and their customers as well – in regard to how their personal data is collected and processed.
Since customer service agents work with personal data every minute of every day, GDPR has a huge impact on the operation of most call and contact centers. In most companies supporting technology needs to be reviewed, data flow needs to be mapped, new processes will have to be instated and agents trained. As a vendor of customer service technology that helps businesses talk to and store their customers’ data, we are GDPR compliant ourselves and are committed to helping you comply with GDPR legislation as well.
Does GDPR affect me?
Most likely yes. If your company processes the personal data of people (data subjects) residing in EU, you’re affected. It doesn’t matter where the processing itself takes place; even if both your company and servers are based in the US – or anywhere else for that matter – you still must be GDPR compliant. So, where does Elloe fit in?
New rights of data subjects & what we’ve done
We’ve built new features that will enable you to comply with your customers’ GDPR-related requests, most notably the right to be forgotten and right to access their data.
The right to be forgotten
Data subjects have the right to have their data deleted – and be effectively forgotten – upon request. To handle this we’ve implemented a feature that irreversibly anonymizes a contact’s details. In other words, we don’t delete the data (which will still be there for reporting purposes), but instead we anonymize it in a way that makes it impossible to trace any interaction back to the data subject, who will also no longer be identifiable. As a part of this, we’re also able to obfuscate the content of emails & chats as well as delete voicemails & call recordings as these will often contain the exchange of personal data. We expect anonymization instead of deletion to become the industry standard as it retains all the stats that a contact center needs for reporting purposes.
The right to access & data portability
In short, customers can request access to all their data, which will include data stored in Elloe. Businesses are required to deliver these in an electronic format, and data subjects may pass this on to other companies. Please be aware that when you get such a request, you will have to state where and justify why you collect and process their data.
We got a request – what do we do?
Just send an email to [email protected] in which you clearly identify the contact and nature of the request. We’ll take care of the rest 🙂
New terms & conditions plus data processing agreement
We’ve updated our T&C to comply with GDPR ourselves, and we have a data processing agreement (DPA) ready to sign upon request for those customers who need it. In conjunction with the T&C update, we’re also now able to collect express consent to process our customers’ data, which is another GDPR requirement.
Consent & call recording
While many countries have demanded that people be informed when recorded, now GDPR requires the express and informed consent in the form of a positive opt-in of each individual. This is a pretty big change. How you go about getting consent isn’t up to us, but we would like to give you a tip for call recording specifically. You can build an IVR into your call flow that has a two-way split: One to a queue without call recording, and one to the same queue with call recording. Inform customers correctly in the IVR announcement and you will have obtained the required consent for recording.
I have questions – who do I contact?
We’ve appointed a Data Protection Officer (or DPO). It’s the DPO’s job to oversee our data management, including the data flow and processing of, well, everything. You can contact the DPO on [email protected]