How a Call Centre can help you in your GDPR efforts?
May 2018 is fast approaching and a number of existing clients and potential clients are contacting us to ask for our support in implementing their GDPR efforts.
The interest in GDPR is quickly increasing as we near this deadline. Google trends showcase a higher number of search-related enquiries in the last quarter of 2017. We believe this trend will just increase until May 2018 as businesses and data protection officers work to ensure their adherence to the new regulation.
Source: Google Trends
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a regulation adopted on 27 April 2016 and promoted by the European Parliament, the Council of the European Union and the European Commission. Many of the main principles of GDPR are included in our current Data Protection Acts 1988 and 2003. However, new key elements and enhancements need to be considered by data controllers and data processors, specifically for GDPR.
Why should you contract a call centre to support your GDPR efforts?
Internally, you should carry out a “review and enhance” analysis of all data hosted, controlled and processed by your company. This analysis will allow you to identify gaps and design suitable procedures to deal with improved transparency, accountability and individuals’ rights provisions.
And it is here, within the individuals’ rights provision that a call centre can help you. A Call Centre can validate the data within your system and obtain an audit trail for GDPR purposes.
How does it work?
Call Centre can provide multiple services to support administrative tasks and customer relationship management requirements. The best way of showcasing how we can help you with GDPR is through few examples of enquiries received in the last few months:
Enquiry 1: “We have a list of 60,000 European suppliers and we need to confirm their details. Can you do this for us?”
This project was identified by our client while reviewing the data within their systems during their GDPR assessment. While more than one of us will argue that it is in the best interest of suppliers to be part of our database (so they can get paid), the client used GDPR principles to evaluate all their data, and detected inaccuracy of information in their database (for example former employees as the main point of contact). Using budget allocated to the GDPR, we were asked to confirm the information of their data through e-mail and phone calls. The project was completed within two months and over 55,000 records were confirmed / updated.
Enquiry 2: “We have a legacy database with 700 records of ‘potential clients’ from networking events, our website newsletter registration form and other marketing/sales activities. We don’t have recorded that they opted “in” to this list and we are unsure if the information within the database is accurate. Can you help?”
Marketers and sales people may face this problem with old databases. Depending on the value of each ‘potential client’ it will be worth it to delete the full database or verify the information. In our case, each ‘potential client’ was worth it around €1,000 in service subscription. Using GDPR as the main reason for the contact, our team called the 600 entries and offered our clients services. One of the questions within the script was related to their agreement of receiving future sales and promotional material to their e-mail account. If caller accepted the offer, then an “opt-in e-mail” was sent to them with information about their rights to modify their information and remove it from the system. While not all ‘potential clients’ agreed to be part of the list, our team captured the level of interest in relation to our clients’ services and scheduled follow up calls for our clients’ team.
Enquiry 3: “We are hosting on our website a company directory with contact details from key employees (finance, marketing, sales managers, CEO…). While all companies are members of our association, the contact details may be out of date and potentially the person who created the profile is not the contact person listed. Can you assist?”
For this project, we sent an e-mail to all companies listed in the directory and asked them to update their profile information. For GDPR purposes, they had to disclose their name and e-mail address, which provided us with an audit trail for compliance purposes. The e-mail was followed up by three rounds of phone calls with the aim of 1) ensure that the e-mail was received by the correct person; 2) encourage companies to update their profiles; 3) support any IT related enquiries. Our team completed this project within 12 days.
When should I start?
May 2018 is the deadline. Our advice is to audit your data and processes as soon as possible. Then, you can design strategies to eliminate the GDPR gaps identified. If you have similar gaps to our clients, get in touch. We will provide you with a tailored proposal to suit your timeline.