Can your customers trust you? GDPR and CX - six months on
It is now six months since the May 25 deadline for General Data Protection Regulation (GDPR) compliance. The legislation transformed how organizations collect, store, protect and use personal data, both of customers and employees. Stiff fines of up to €20m or 4% of global turnover reinforced how seriously companies need to take safeguarding personal data.
Thanks to the GDPR the vast majority of companies have now reviewed all of their processes around personal data, for example collecting all of the necessary permissions to contact customers through specific channels and documenting their policies and procedures. As our technology is used to store customer data, we have worked closely with our clients to provide them with the reassurance and documentation that we are fully compliant with the GDPR. Our software has always been built on principles of security and confidentiality, meaning that we were confident that our platform was ready for the GDPR.
Over the last six months we’ve been supporting our customers in four main ways to help their GDPR compliance work:
1. Ensuring the Right to be Forgotten
One of the key provisions of the GDPR is the Right to the Forgotten. Essentially, consumers can request to see all the data you hold on them, and also can ask that their data is removed from all of your systems. Achieving this within Eptica is straightforward, and our open APIs also mean it is easy to achieve a holistic view of the customer to ensure that data is removed from every system. We’ve therefore worked closely with customers so that they can meet their obligations under the GDPR, and document the processes that deliver compliance.
2. Protecting personal data
Safeguarding personal data, such as by anonymizing fields, is relatively straightforward when it is structured. That means it is clear which fields relate to information around a customer’s name or address for example. When you are collecting unstructured data, such as through our vecko Voice of the Customer solution, this can be more complex. There are no field names to guide anonymization, which can be a particular issue if customers share names with popular keywords. For example, if a Mr. Green is ordering a green product, traditional keyword-based systems will not be able to differentiate in order to anonymize personal information. This is where our AI-based Natural Language Processing (NLP) technology helps with compliance. It is able to better understand the context of words and phrases within unstructured data, enabling it to identify names and other personal information based on the overall context.
3. Sharing best practice
Since the GDPR was announced, we’ve been working closely with our customers to help them prepare. As my colleague Lenka discussed in last week’s blog, we’ve focused on sharing best practice, helping customers meet the May deadline. As well as one-to-one meetings, we’ve also run events for customers, including one in conjunction with the French data protection authority CNIL. Through our experience we’ve been able to advise on particular areas, such as which data you collect through webforms, and how you explain what it will be used for to customers.
4. Focus on security
We have always taken our security obligations very seriously when it comes to protecting customer data. As part of our preparations for the GDPR we have rewritten our security policy and made it available to customers in English and French and increased our efforts on security testing. We’re now undertaking even deeper, more structured analysis of every update to our software, prioritizing security and safeguarding customer data.
Many organizations see the GDPR as a constraint that forces them to change how they operate. At Eptica, we see it as a natural part of what we do – protecting customer data and treating their information in a compliant, secure manner is crucial to building trust and loyalty. That means we’ll continue to support our customers to ensure compliance, both now and in the future.