Like all companies doing business with European Union users, your company may have made plans to comply with General Data Protection Regulation requirements at the company level.
It's a good idea to do a last-minute check of the call center to ensure that all the important tasks have been assigned to someone on your team or outsourced to a contractor.
Audit the information lifecycle. The data protection officer (DPO) will already be working with the IT team to track the security and flow of personal data for back-end IT systems. But GDPR call center compliance should also include the various cloud applications they're using outside of standard enterprise channels. That can include new sales force widgets, as well as tools for data analytics, scheduling and campaign management that might operate outside the view of the IT department.
It might also be a good idea to look at the workflows that agents use for different kinds of customer requests or sales calls. What kind of data do they capture and how is it flagged? Do you have a way to ensure this flagged data is managed appropriately? How do agents send email or chat with customers?
Fill out GDPR paperwork. GDPR requirements include dozens of documents that need to be filled out appropriately, sent to the DPO and filed with the appropriate EU authorities. Someone in the GDPR call center needs to take the time to document the internal processes in a way that shows compliance.
There are a number of templates that can help start this process, including the IT Governance GDPR Documentation Toolkit and the Cyber Management Alliance GDPR Preparation Kit.
Launch a training program. Some level of training will be required to bring employees up to snuff with the new requirements. That could be as simple as having employees read a short book, hiring a trainer, or posting some videos on the company's website. Your call center's GDPR lead should also work with HR to coordinate this training with any existing learning management system tools or training programs.
A training expert in HR and the call center might be able to brainstorm and find ways to do some of this training using new short-form micro-learning formats that enable agents to learn the principals during slow periods. A more sophisticated program could customize the training to your company's unique mix of tools and processes and include some kind of ongoing follow-up.
Manage consent requirements. Under the new regulations, companies must capture and manage consent in order to work with customer data. In addition, they have to get parental permission when working with kids' data. Adding a consent data field to the call center app could help alert GDPR call center workers to an individual's previous requests on their screen.
There also needs to be a way to record consent over the phone. In some cases, a customer's verbal agreement with a rep might be sufficient, but in others, the software may need to record a brief customer statement that can be integrated into their record.
Automate follow-up. After an individual has contacted the call center about a change or a request for data, the GDPR call center needs some way to deliver this information or notification to them. Some of these requests can be completed over the phone.
But, in other cases, it may take time to pull the information together and delete or change data. There needs to be a process in place to ensure an agent can complete the interaction quickly with the confidence that the follow-up will occur automatically or trigger a follow-up call.
Create privacy request metrics. When someone reaches out to a GDPR call center to file a privacy-related request, it's going to take time and money to resolve the problem. It's also an indication that they couldn't figure out how to do what they wanted automatically.
If the call center is only getting a few calls like this, it's probably not a big deal. By tracking the types of requests, call center management will be in a better position to work with other departments to automate many of these requests.