Enterprise-grade contact center software requires high levels of security and compliance to protect all customer data. As an enterprise provider of global cloud contact center solutions, Bright Pattern knows the importance of compliance with industry standards and regulations.
Our cloud contact center software infrastructure and practice have been designed to meet the requirements of the GDPR.
What Is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). The GDPR was approved by the EU Parliament on April 14, 2016, and was enforced as of May 25, 2018. Designed to protect the data privacy of European citizens and to secure their personal data against data breaches, the GDPR has a tremendous impact on how businesses approach data privacy.
Who It Affects
The GDPR applies to any company that processes the personal data of data subjects residing in the European Union, regardless of the company’s location.
A company in breach of the GDPR requirements can be fined up to 4 percent of annual global turnover or €20 million (whichever is greater).
Consent to process data must be provided in an intelligible, accessible form, using clear and plain language, and it must be easy to withdraw.
If there is a data breach, companies must notify their customers and controllers within 72 hours of becoming aware of the breach.
People have the right to receive a free copy of their personal data, along with confirmation of how, where, and why their data is being processed.
Right to Be Forgotten
People have the right to have their personal data erased and to have organizations stop disseminating and processing their data any further.
People have the right to receive their data in a “commonly used and machine readable format” and be able to transmit that data to another controller.
Need to Know
Organizations must minimize their use of and access to data, holding and processing only the data absolutely necessary for the completion of their duties.
An appointed data protection officer (DPO) must meet the GDPR guidelines, and internal record keeping requirements apply.
Compliance for Contact Centers
GDPR compliance should be a top priority for any business that has customer service interactions with people who reside in Europe. Not just applicable to businesses, GDPR compliance involves everyone, as it regulates how data privacy is handled by both businesses and people (i.e., “data subjects”). Compliance needs to happen at every level of infrastructure, from the cloud provider to the business to the agents to the customer.
How We Are GDPR-Compliant
To support compliance with the GDPR requirements, Bright Pattern allows authorized personnel to manually erase the content of any interaction. Depending on the interaction media type, the content that can be erased includes voice recordings, voice recording transcripts, chat transcripts, the body of email messages, and screen recordings. Note that when the content of an interaction is erased, the interaction record itself is preserved.
The ability to remove sensitive data from interaction records is enabled for users with a special security administration privilege. As such, privileged system administrators can erase content from specific interactions, services, and campaigns. Content erasure is recorded in every contact center’s audit log, and system admins can find each instance of erasure via search.
As part of the right to be forgotten, customers have the ability to request that their data be erased. Although agents cannot do the erasing themselves, they can disposition interactions with a request to erase content, provided that they give a reason; the request is then sent automatically to the system administrator.
Through Bright Pattern Contact Center software, we provide the tools to protect and secure private data, but it’s up to our customers to use these tools properly. Content erasure is supported in version 5.2 of the Bright Pattern solution.