Data Protection and GDPR within Customer Experience
The recent storm over sharing of personal Facebook data demonstrates the importance of information protection and usage by businesses. Consumers are now even more aware of their online data footprint and want to ensure that they understand what it is being used for. At the same time, legislation will help them - the forthcoming General Data Protection Regulation (GDPR) is designed to increase safeguards around consumer data, backed up by large fines of up to €20m or 4% of global turnover, for organizations that transgress it.
We covered the details of the GDPR itself in a previous blog, but it is important to stress that much of it is not new – while it is more detailed than previous security and privacy legislation, it should not require well-run, secure organizations to fundamentally change how they operate.
Customer experience is very much at the frontline of data protection. Customer service teams are interacting with consumers every day, and accessing and using their personal information. Under the GDPR consumers have the right to find out what data a company holds on them, and to ask for it to be amended and deleted – it is likely that the majority of these queries will be channeled through customer service teams.
How can companies therefore ensure that they are putting data protection first and achieving GDPR compliance when it comes to customer experience? There are four ways they should approach GDPR:
1. Security
Protecting consumer data has always been critical to an organization’s brand reputation and bottom line. With GDPR, not only do companies need to safeguard data, but they need to document their processes and have the ability to notify regulators and customers of any breaches within 72 hours. At Eptica we’ve built our CX platform on security and are continually testing it for potential issues. We’re now working closely with customers to ensure that they have the right information on our security features so that they can complete their GDPR preparations and paperwork ahead of the deadline.
2. Knowledge sharing
When consumers have queries about how you use their data, they are going to contact your customer service team. This means you need to ensure that all of your agents, whatever channels they work on, know what your policies are, deliver a consistent message, and pass on any requests (such as to view or amend personal data) to the right department quickly and easily. Not only does this involve training all agents, but also giving them access to consistent, approved answers, such as by adding GDPR information to your centralized knowledge base.
3. Focus on documentation
As I’ve said, one of the big changes with GDPR is the need to document processes – fail to do so and you will be in breach of the regulations. In the complex world of customer experience, with multiple processes happening across the journey, documenting everything can appear daunting. That’s why we’re working closely with our customers to help them ensure that processes and paperwork match, and they are not only protecting customer data, but have a clear record of how they are doing it.
4. Redesign operations
Over the past few months, we’ve all had a plethora of emails from brands asking us to confirm that they still have permission to contact us, ensuring that we are opting in to receive specific information, on specific channels. This is one of the ways that brands need to redesign their operations to meet the GDPR – and also to achieve best practice when engaging with customers. At Eptica our system is designed to be clear and transparent, with flexible workflows that make it easy to see exactly what data is being used where, with a full audit trail. Therefore, if processes change, our platform can change with them to seamlessly match and enable compliance.
The good news is that local data protection authorities, who will be responsible for enforcing the GDPR are sharing information, best practice and advice to help companies be ready for the May 25 deadline. In the UK the Information Commissioner’s Office (ICO) has published multiple guides and checklists to GDPR, which can be downloaded from its website here.
There is less than a month until the GDPR becomes operational, meaning most brands are already well-advanced in their compliance programs. Customer experience is a key part of meeting the GDPR – brands must ensure they are focusing on the four areas above if they are to protect consumer data and build trust with their customers.