
GDPR compliance checklist: counting down to May 25, 2018

by Sitel staff January 21, 2018 - 2 MIN READ

The EU’s General Data Protection Regulation takes effect May 25, 2018, enforcing a number of data protection laws. But it’s selling the purpose of the regulation short to consider it solely as a series of constraints. It will benefit brands by providing them with an opportunity to generate value based on consumer trust that’s earned as a result of GDPR compliance. If properly conducted, this compliance process will reveal itself a strategic economic lever. So what exactly do you have to do? We’ve listed five essential requirements.

1) Accountability

Probably the regulation’s most important tenet is its accountability principle, which requires that companies not only take measures to protect personal data but also prove it by keeping a record of all processing activities, detailing the reasons for each process and the relevant security and confidentiality mechanisms in place.

Because the European regulation extends its provisions to all subcontractors, it’s necessary to make sure they can also prove their compliance through a similar record, regardless of their geographic location.

2) PIA: don’t put privacy at risk

For every data processing activity that potentially puts an EU citizen’s privacy at risk, an organization will have to run a “Privacy Impact Assessment” and, based on its findings, set up a maximum security action plan.

3) Privacy by default and by design

These two principles highlight the new cultural mind-set that the GDPR aims to instill within organizations.

On the one hand, by default, the volume of data and its storage time must always be kept to a necessary minimum. A user has to clearly understand and give his/her consent freely to any kind of data processing, thus putting an end to all passive opt-in and opt-out mechanisms. Organizations must also bring to a user’s attention any instance of automatic profiling, such as processing via cookies that help track, analyze and predict certain customer characteristics through online navigational behavior.

On the other hand, the highest level of data protection has to be built into the design of any new service or product through anonymization, pseudonymization or encryption tools.

4) Bridge the IT-Legal gap

The security of your IT environment is inarguably the cornerstone of compliance. While it’s imperative to invest in cybersecurity solutions, it is equally important to train all teams involved, at every level of the company, so that they use data processing tools properly, follow these new regulations and understand their legal implications. Human error can jeopardize even the most foolproof technology.

5) Appoint a Data Protection Officer

By supporting your company in its compliance action plan and educating everyone involved, the Data Protection Officer will become the true champion of sound data governance. He or she will need the necessary legal and technical skills to guarantee both legal and operational compliance, and will act as a key liaison between your IT and legal departments. This position is compulsory for all public organizations, for private organizations of more than 250 employees and for all groups that process sensitive data or considerably high volumes of data.

“The collection of data is part and parcel to any customer journey,” explains Emmanuel Richard, Associate Director of Extens Consulting, a firm of Sitel Group. “By respecting these five GDPR requirements, a company will be able to deliver a honed and streamlined customer experience – one that is rid of superfluous information and truly customer-centric.”

While organizations are worried about the looming financial sanctions, the real sanction will arise from consumers’ lack of trust in companies that don’t take every possible measure to protect their personal data. There is no such thing as zero risk. However, consumers will more readily trust brands that pool all available efforts and resources to implement proper protection mechanisms and comply with the GDPR.
