In our ever-connected world, data is everywhere. But having access to an ever-increasing amount of information has also led to a number of challenges. The possibility of data breaches, with their potentially disastrous consequences, is one increasingly important challenge that businesses need to face.
When you take into account the huge amount of customer data collected and stored on a daily basis in contact centers, it is not surprising to learn that data breaches are the single biggest risk factor in the contact center industry. And although there is no way to 100% guarantee you will avoid a data breach, with thorough preparation it is possible to mitigate the potential risks.
Below, we have compiled details of the most important contact center compliance legislation related to data security that you should be aware of.
Telephone bank card payments
These days most companies provide customers with the opportunity to make immediate online purchases. However, when it comes to paying online (especially in a post-GDPR world), data security is always a major concern – for both companies and customers.
With that in mind, it’s vitally important for companies that provide real-time telephone-based payment solutions to ensure that the customer data they process while handling credit and debit card transactions is completely safe and secure, and in particular that its handling is based on PCI DSS regulations.
The PCI DSS certificate, issued by the five largest credit and debit card issuers in the market (Visa, MasterCard, American Express, Discover and JCB), is one of the strictest security standards in the world, and applies to any organization that accepts credit and debit card payments. To be able to begin initiating real-time payments during phone calls, your company, or the outsourced call center you rely on, will need to be in possession of the PCI DSS certificate.
Having been the proud holders of the PCI DSS certificate for four consecutive years, we here at VCC Live can confirm that it is the ultimate proof of a solution’s success in keeping its business data safe and secure.
GDPR
The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, is a regulation that contact centers have no choice but to comply with. Aiming to strengthen data protection across the EU, the regulation gives people more control over how organizations can use their personal data.
GDPR has brought major changes to the business world, and call centers, which usually deal with a huge volume of data, are no exception. It also introduced heavy penalties for organizations that fail to comply with the new legislation.
This legislation requires contact centers to operate in accordance with strict rules, such as making sure customers can easily access their personal data and providing them with the right to be forgotten.
Even though GDPR is now in effect, many organizations are still trying to determine what their obligations are under the new rules (if you’re still unclear whether your call center is GDPR compliant or not, it’s time to check out our GDPR checklist).
Call recording
Call recording is a common call center practice, with most contact centers recording customer calls for security and training purposes. However, the correct handling and processing of recorded calls can cause (and indeed are causing) headaches for many businesses.
Voice files are considered personal data as they can include personal details, such as the caller’s name, address or financial information. As a result, call recording is classified as a form of ‘data processing’, and falls under the new rules covered by GDPR.
When it comes to call recording, the golden rule is that agents need to specifically request permission from their customers to be able to record calls. Therefore, it is essential to ensure that your staff always pay special attention to obtaining consent from your customers.
In particular, contact centers should never assume that informing customers about call recording is enough to indicate consent. Instead, they need to directly ask customers for permission, while also telling them they can opt out of the call before the conversation continues.
Takeaway
As you can see, there are several important rules and regulations contact centers must abide by. And as new rules continue to appear every year, it’s best to always stay prepared by making your organization fully aware of the importance of data security.