As we help our customers prepare for the fast-approaching General Data Protection Regulation (GDPR) compliance deadline, several common questions keep popping up. You may wonder about some of the same things—here’s what they are.
Yes, a provision was added to the GDPR that allows you to transfer individual contact data outside of the EU, within certain parameters. You may transfer data to the U.S., for example, as long as the receiving organization maintains the same data security standards as those required by the GDPR. Typically, companies that maintain strict data security regulations—such as those covered by ISO/IEC 27001 certification—already have adequate regulations in place for this type of data transfer.
Our Calabrio ONE platform provides tools that enable our customers to easily adhere to this GDPR requirement by enabling the simple deletion of personal records as requested by individuals. (You can find out more about Calabrio ONE’s GDPR-specific functionality in this tech note.)
With tools similar to those used to delete customer records, Calabrio ONE lets companies record an employee’s termination date then delete the employee’s personal information from the platform. Non-personal, yet valuable, data—such as performance reviews, adherence records, etc.—then can be made anonymous, so the information may be maintained and leveraged as part of historical trend data while still complying with GDPR guidelines.
The Calabrio ONE platform supports this capability, but the responsibility itself belongs to Calabrio ONE users—they need to give their customers the ability to choose whether or not to be recorded. A best practice we recommend is to use interactive voice response (IVR) to ask callers to choose whether or not they want to be recorded at the beginning of each call, then send those callers who don’t want to be recorded to a separate queue for handling. Individuals also may request not to be recorded once they connect verbally with a contact centre agent.
Calabrio ONE recording tools allow the agent to stop the recording at any point and immediately delete any previous segments that were recorded—or delete the call in its entirety—by simply pushing a single button. Then, at the end of each day, all “delete call” requests are removed from the Calabrio ONE call archive.
No, an event does not need to occur in order for an individual to request their personal data. If an individual believes a company is holding his or her information, they have a right to request it at any time.
An individual may request their personal data for as far back as the data is held. A company may hold data, however, only for as long as that data is needed to achieve the purpose for which it was originally gathered. For example, if an email address was given to a company running a sweepstakes, that email address needs to be automatically deleted from the company’s database once the sweepstakes ends.
Get more details—download our “How-To Guide to Navigating the GDPR and CCPA” Ebook.