A Last-Minute Survival Guide
Regulations governing consumer data protection, telephone and e-commerce sales and financial services are becoming more demanding. And now the European Union’s General Data Protection Regulation (GDPR) is in effect.
Does this apply to you?
Yes! ...In ways you may not have contemplated.
The GDPR applies to any organization established in the EU, and to any organization anywhere in the world that offers goods or services to individuals located in the EU or monitors their behaviour (Article 3), regardless of where the organization is registered, owned or headquartered. Its territorial reach is broad enough that in practice it should be treated as a global legal requirement.
For all sources on this page: See Sources, Acknowledgements and Copyright page
The GDPR is intended to create a ‘privacy by design’ culture, with ongoing compliance and continuous improvement beyond 25 May 2018. Although the penalties are severe, up to €20m or 4% of worldwide annual turnover (whichever is greater), a PwC study from January 2018 [4] found that 66% of companies had not moved past the assessment phase of their GDPR preparations and only 8% of companies worldwide had "finished" their preparation.
And while 77% of organizations plan to invest $1 million or more in GDPR compliance and monitoring (Source: PwC [5]), a striking 52% of companies expect to be fined for breaching the regulation in some way (Source: Ovum [2]).
Many organizations started their GDPR compliance efforts by focusing on structured data in Customer Relationship Management (CRM) and Human Resource (HR) systems. However, unstructured data such as voice recordings, video and instant messages is covered by the regulation too.
That data is spread across a myriad of systems, which makes consent, storage, retrieval and deletion far more complex.
Helping You Survive...
The GDPR has applied since 25 May 2018. What can you do to minimize the risks and the impact it has on your business?
Our Top Five GDPR Recommendations
Here are five recommendations for an essential GDPR Compliance Program:
1. The GDPR's ‘privacy by design’ culture should be top-down. Ensure your executive team is well briefed: they are accountable.
2. Make data security a high priority for your organization. Ensure that you have policies on how to collect, process and transfer data, within and outside your organization, and that they are understood and complied with by everyone, including the vendors you work with.
3. Have a data breach policy and procedure, and practice them like a fire drill. Under Article 33 your organization must notify the supervisory authority within 72 hours of becoming aware of a personal data breach (unless the breach is unlikely to result in a risk to individuals), and under Article 34 it must inform the affected individuals without undue delay when the breach is likely to result in a high risk to them. Depending on the impact of the breach, listed companies may also have to inform a stock exchange.
4. Understand how the new rights of individuals affect your internal and external stakeholders. Create policies and a systematic way to handle rights such as enhanced Subject Access Requests.
5. Achieve a state of preparedness that lets your organization produce a Data Protection Impact Assessment (DPIA; see Article 35 of the GDPR [1]) for each of your processing activities. A DPIA gives visibility of the risks within your business and is compulsory for processing that is likely to result in a high risk to individuals. Do this as soon as possible.
How Verint can help you...
What if you had a way to ensure that the data you collect is encrypted at all times?
Then you could reduce the risk, cost and reputational damage of a breach. Under Article 34(3)(a), a breach of data that has been rendered unintelligible to unauthorized persons, for example by encryption, does not have to be communicated to the affected individuals. Two caveats a practitioner should keep in mind: the exemption only holds if the encryption keys were not exposed in the same incident, and the supervisory authority must still be notified within 72 hours of becoming aware of the breach unless it is unlikely to result in a risk to individuals.
Did you know...?
...that Verint's Recording solutions can be enhanced with a state-of-the-art encryption option that helps keep your data unreadable to anyone without the keys, whether it is in storage, being actively processed or in transit between the two.
What if you could ensure that your employees ALWAYS followed your established scripts and procedures for gaining customers' consent to process their data?
Then you could avoid the considerable burden of having to identify non-compliant interactions, inform the customer, purge or amend data, coach and retrain staff, or even redesign your processes.
Did you know...?
...that Verint Desktop and Process Analytics can recognize process steps and data entered by your employees and automatically provide process and scripting advice to help them stay compliant. It will also recognize and tag sensitive data to assist with later identification and retrieval.
What if you had a way to identify, track and extract personal data, wherever it is held?
Then you could reduce the time and effort needed to comply with subject access requests (Article 15) and erasure requests, the “right to be forgotten” (Article 17).
Did you know...?
...that Verint's open platform, APIs, custom data fields and professional services can help reduce the overhead of complying with the GDPR? They let you track customer data across systems and find, delete or export it to meet requirements such as the right of access and the right to be forgotten. The open APIs also allow our solutions to co-exist and interoperate with key back- and front-office systems from many suppliers, removing the need for multiple solutions or expensive intermediate processing.
What if you had a way to carry out automated testing and evaluation of your technical and organizational measures for data processing security?
Then you could streamline your approach and minimize the resources needed to show that you meet Article 32(1)(d), which requires a process for regularly testing, assessing and evaluating the effectiveness of those measures.
Did you know...?
...that Verint's Automated Verification solution automates testing and verification of systems across multiple applications, to support regulatory compliance and help avoid issues with service availability, data integrity, and data breaches. It actively checks that your ACD, IVR, routers, firewalls, recording and desktop applications are working properly by proactively simulating transactions to validate performance, and reporting on system health, status, and performance.
What if you could easily capture information about the range of approaches your employees take in customer interactions, then map and compare it to your ideal process?
Then you could very quickly establish which processes and steps most often create problems, mapping and monitoring process steps to support the reconfiguration needed to help ensure compliance.
Did you know...?
...that Verint's Desktop and Process Analytics solution provides capabilities for monitoring and mapping the steps that your employees actually take when handling customer interactions and data, enabling you to easily compare those steps with your preferred process and identify where and how things go wrong. This information will be invaluable in helping you design processes that help ensure compliance with the GDPR, first time, every time.