The GDPR is potentially confusing, with no shortage of people offering to make it all a little bit more confusing for you. So, in parallel with our ‘one thing at a time mantra’, it makes sense to identify useful, informed and unbiased information sources.
Although we’ve cheekily suggested in the past that “the GDPR is too important to be left to the lawyers”, there are some things that really are best left in their hands, like contracts.
How’s the first week back to work been? If you’re still wanting to get ready for the GDPR & new Data Protection Act – especially from a customer management and experience perspective – here’s tip #4.
As we all know, what the GDPR and new Data Protection Act will mean for businesses has been clouded by scare-mongering, exaggeration and misdirection. However, all that is now over. We are delighted to be able to share with you exactly what will happen in the world of data protection in 2018, month by month.
(and if this doesn’t prove to be 100% accurate, then we’re not ICO accredited GDPR experts!).
If you genuinely are at a loose end over the Christmas break and are desparate for “A Complete Guide to the GDPR” then head over to FieldFisher’s website and download their GDPR App:
Here’s a quick, unscientific experiment you can conduct this week*. Call up your contact centre and say you’re a customer and you’d like to lodge a Subject Access Request.
If you’re new to the world of the GDPR and the UK’s planned new 2018 Data Protection Act, you may be feeling a bit overwhelmed by conflicting advice, scary predictions and not knowing where to start. To try and help we’re going to start sharing snippets of advice – especially from the perspective of those responsible for delivering their organisation’s customer experience – once a week.
If you are a technology service provider and have been taking notice of GDPR (the EU’s General Data Protection Regulation) and the new Data Protection Bill making its way through Parliament, then you will be aware that there are changes in the offing. One of those that is likely to be particularly relevant if you handle or process your client’s data or the data they hold on their customers, is the changed status of data processors and data controllers. Currently, there’s a very clear difference between the two. As a data processor, the “my client told me to do it” defence isn’t quite water-tight, but in most cases it will keep you out of trouble.
It won’t do so in future, though. GDPR puts a lot more onus on data processors to be confident that the data they are handling is being used appropriately and compliantly.
So, just something to address from 26th May 2018 onwards, then? I think not.
A few months ago, we blogged about 3 things that contact centres and people responsible for customer experience needed to know about GDPR (the new set of EU data protection rules, now being written into UK law in the new Data Protection Bill, which had its first reading in parliament earlier this month). We explained that the DMA’s Contact Centre Council had been considering how contact centres should best square GDPR compliance with optimising customer experience and securing companies’ commercial goals. www.linkedin.com/pulse/contact-centres-3-things-you-need-know-gdpr-steve-sullivan/ Back then we highlighted:
• the possible need for a Data Protection Officer (DPO)
• changing requirements between data Controllers and Processors
• the need to ensure your corporate insure cover reflects changed obligations and liabilities
We said we’d continue to keep you informed as to what we understand about how GDPR will take effect and the impact it is likely to have on customer facing operations.
Since then, although the Data Protection Bill has started to make its way through parliament, some detailed, practical aspects of how GDPR will be interpreted – specifically around customer consent and profiling – remain a little unclear. The Information Commissioner’s Office (ICO)’s final guidance on these areas is still awaited. However, as the ICO has made clear (www.iconewsblog.org.uk/category/elizabeth-denham/), there’s a great deal we can be certain of. Organisations need to get into a fit state before the new DPA makes compliance with GDPR mandatory by May next year And for many organisations, that will be big ask.
So, here are another 3 things you need to know about. There will be more aspects of GDPR / the new DPA to consider in future, but take these on board for now. They will all have a direct impact on your front-line staff, in contact centres, in the field and in-store.
August is a funny time of year, isn’t it? If you’re not on holiday – and as long as your colleagues’ absence hasn’t meant that you’re up to your eyes in their work – then August can be a great time to catch up on the things you’ve been putting off. Putting in plans for your ’peak’ season, reading some of those thought leadership articles you’ve downloaded and never had a chance to catch up on, swapping your wonky chair with a better one from the first floor, completing that mandatory e-learning course that no-one’s noticed you’ve not yet done, etc.
You could start blogging about your work and your organisation, make a commitment to write a blog every week and (the really impressive bit) actually do so. It would seem to be a strange time to start, though, when a large proportion of your audience is either away from work or distracted from their typical working routine.
However, that’s what Elizabeth Denham, the Information Commissioner, has done this month.