The Top 7 Questions About GDPR from Calabrio Contact Centre Customers
As we help our customers prepare for the fast-approaching General Data Protection Regulation (GDPR) compliance deadline, several common questions keep popping up. You may wonder about some of the same things—here’s what they are.
1. Can my company transfer customer contact data outside of the European Union (EU)? For example, if we capture data in the United Kingdom, can we transfer that data to a contact centre located in the U.S.?
Yes, a provision was added to the GDPR that allows you to transfer individual contact data outside of the EU, within certain parameters. You may transfer data to the U.S., for example, as long as the receiving organization maintains the same data security standards as those required by the GDPR. Typically, companies that maintain strict data security regulations—such as those covered by ISO/IEC 27001 certification—already have adequate regulations in place for this type of data transfer.
2. What is Calabrio’s response to an individual’s right to be forgotten?
Our Calabrio ONE platform provides tools that enable our customers to easily adhere to this GDPR requirement by enabling the simple deletion of personal records as requested by individuals. (You can find out more about Calabrio ONE’s GDPR-specific functionality in this tech note.)
3. With GDPR, employees also have the right to be forgotten. How do we remove/delete employee data from Calabrio ONE?
With tools similar to those used to delete customer records, Calabrio ONE lets companies record an employee’s termination date then delete the employee’s personal information from the platform. Non-personal, yet valuable, data—such as performance reviews, adherence records, etc.—then can be made anonymous, so the information may be maintained and leveraged as part of historical trend data while still complying with GDPR guidelines.
4. How can an individual ensure they’re not recorded if they choose not to be?
The Calabrio ONE platform supports this capability, but the responsibility itself belongs to Calabrio ONE users—they need to give their customers the ability to choose whether or not to be recorded. A best practice we recommend is to use interactive voice response (IVR) to ask callers to choose whether or not they want to be recorded at the beginning of each call, then send those callers who don’t want to be recorded to a separate queue for handling. Individuals also may request not to be recorded once they connect verbally with a contact centre agent.
5. If an individual decides they don’t want to be recorded once a call already has begun, how can a contact centre agent stop the recording and ensure what was recorded is promptly deleted?
Calabrio ONE recording tools allow the agent to stop the recording at any point and immediately delete any previous segments that were recorded—or delete the call in its entirety—by simply pushing a single button. Then, at the end of each day, all “delete call” requests are removed from the Calabrio ONE call archive.
6. Does an “event” need to occur in order for an individual to request their personal data (i.e., they complete a mortgage application)?
No, an event does not need to occur in order for an individual to request their personal data. If an individual believes a company is holding his or her information, they have a right to request it at any time.
7. How far back in time may an individual request their personal data?
An individual may request their personal data for as far back as the data is held. A company may hold data, however, only for as long as that data is needed to achieve the purpose for which it was originally gathered. For example, if an email address was given to a company running a sweepstakes, that email address needs to be automatically deleted from the company’s database once the sweepstakes ends.
Get more details—download our Contact Center GDPR Compliance with Calabrio ONE tech note.