While the comprehensive, wide-reaching nature of the EU’s General Data Protection Regulation (GDPR) touches every business, call centres face some unique challenges. After all, their core activity is entirely dependant on the use of personal data.
Understandably, call centres are concerned about how their use of a hosted dialler may need to change in light of new regulations. Even after GDPR came into effect in May 2018, people are still considering how data can be validated and checked for compliance and how their opt-in processes may need to change even further.
To help, we’ve prepared a free eBook - Preparing Your Contact Centre for GDPR. In it, you’ll get a complete guide to preparing for ongoing compliance with these new regulations, as well as how your workflow may need to change.
However, the biggest changes aren’t in how you use your hosted dialler, but the justifications that sit behind that use.
Assessing your hosted dialler’s use of personal data
For the sake of understanding, the GDPR idea of ‘data processing’ is perhaps best thought of as ‘using or coming into contact with data’. In many cases, it’s something that starts before your call centre with the company that provides your data, and – when you’re using a hosted dialler – will also have implications for your service provider.
Since you will be processing and often controlling personal information, it’s your responsibility to make sure privacy is maintained. For a lot of call centres, these will be things you’re already doing - but now, your obligations to record and report on them have increased.
You should be reporting on things like:
- Only storing information that’s essential to your activity – names and phone numbers are probably okay, but financial histories may be a problem
- Using encryption for transmitting, sharing, and storing data
- Using encrypted upload methods to get data into your dialler
- Storing information on how and when opt-in was given if applicable
We’d also recommend asking your data suppliers and service providers difficult questions about their own GDPR compliance. Meeting your obligations – and avoiding fines – is something that everyone in your value chain needs to take responsibility for.
Cold calling using a predictive dialler under GDPR
It’s a common misconception that cold calling has become more difficult under GDPR. You do not need to get positive opt-in for every record you hold, nor do you need to reinvent how your campaigns work. However, you should take the time to consider (and record) the rationale behind the calls you make.
This is best achieved through what the Information Commissioner’s Office (ICO) calls a ‘balancing test’ or a Legitimate Interests Assessment. This a process that compares your ‘legitimate interest’ against the rights and interests of data subjects; a type of risk assessment that you can use to demonstrate your rationale behind calling.
Since the European Charter of Fundamental Rights includes ‘the freedom to conduct a business’, conducting a campaign to market a business and generate revenue is a legitimate interest – albeit one that regulators would consider trivial. Similarly, unexpected calls do not infringe on the fundamental rights of a person, but their desire not to be disturbed is a trivial legitimate interest.
In short, call centres can still make cold calls without opt-in. But you’ll need to demonstrate why your interests outweigh the inconvenience – and that’s where classic techniques for using a hosted predictive dialler become essential.
Configuration is still the best strategy for call centre compliance
While GDPR affects multiple areas of your business and will undoubtedly mean you need to change some processes, using a hosted dialler will stay refreshingly familiar.
As ever, the right dialler configuration can keep the level of frustration and inconvenience as low as possible for your data subjects – tipping the balancing test in your favour.
Keeping dropped call and abandon call rates low has become more important than ever. After all, it’s impossible to make a case that repeated silent phone calls are a fair use of personal information.
But, with an intelligently set call ratio, Telephone Preference Service (TPS) compliance, transparent Calling Line Identity (CLI) , you can use your hosted dialler to engage in activities that service your legitimate interests – making calls and closing sales.
Get a complete guide to contact centre GDPR compliance.
