What is GDPR?
Affecting almost every organisation in Europe, and potentially with world-wide ramifications, GDPR means business. You need to be ready and on guard to deal with the General Data Protection Regulations (GDPR). They come into effect on 25th May 2018. That’s just a few months from now.
The Regulations place limits and restrictions on the storage of personal data, a term that now encompasses a much wider range of information than it did under the Data Protection Act.
Isn’t the Data Protection Act enough? Why do we need yet more regulation?
Existing data protection legislation in individual EU countries is sufficiently dissimilar that an organisation can be compliant in its own country but not in that of another country with which it conducts business.
Thus, the Regulations are designed to standardise the requirements for data protection across Europe. Standardisation will maintain a common market, support the free flow of information and ensure that those complying with the rules will benefit from an equal playing field.
Those of you who act quickly enough to achieve compliance will undoubtedly thrive in this new regulatory community. Indeed, by meeting the standardisation of data protection requirements, you’ll be streamlining your processes and significantly benefiting from efficiency savings. At the same time you’ll also be minimising the risk of data breach and with it the distinct possibility of financial ruin.
What happens in the event of a breach?
Data breaches will be strictly regulated – supervisory authorities as well as the data subjects themselves will have to be informed, and reports submitted within 72 hours of a breach.
What’s more, if you commit a breach, the fine can be crippling: up to €20 million or 4% of annual turnover, whichever is the greater. Remember, that’s turnover, not profit! These penalties are in addition to any other fines you may face for a data breach, such as failure to comply with PCI rules.
What do I need to do now?
You need to understand your data and, as the Regulations state: “implement appropriate technical … measures to demonstrate that the processing is performed in accordance with the Regulation.”
So, what can you do for me?
We’ve highlighted just a couple of the areas to answer this question:
You certainly don’t want to open yourself to fines for failing to comply with PCI rules. Indeed, non-compliance here would almost certainly suggest that you would also be committing a breach of the new GDPR. That means a double whammy in the way of fines. The compound effects would be terrifying.
However, by contracting with us, as a processor to process all personal card data in connection with your clients’ debit or credit card payments, you’ll be providing some evidence of compliance with “sufficient guarantees to implement appropriate technical … measures”.
After all, we’re a PCI DSS Level 1 service provider. Our live payment collection services suppress DTMF so, for example, all your callers’ sensitive card data is effectively hidden. This means your agents cannot hear the data, nor can your recording devices record any of it. In addition, our automated services simply terminate DTMF inside PayTel so that it’s entirely contained within the PayTel universe. You’ll never have to store any sensitive card data.
In practice, your business operation may involve call recording for ‘training and monitoring’ purposes. These recordings often sit in systems for many years, building in volume, because very often the default of your recording system will be to record everything.
However, under GDPR only FCA (financial) calls should be recorded by default. In all other cases the customer should be given the opportunity to agree to the call being recorded. This is just one area where our intelligent call systems can help: we’ll be able to hard-code ‘opt in’ prompts at the beginning of each call.
PayTel – helping you on the journey to achieving GDPR compliance
Start your GDPR compliant journey by entrusting your PCI compliance to us. Streamline your processes, benefit from efficiency savings and minimise the risk of data breach. We’ll help you build a robust culture of security to safeguard the future for your business.
Call us today on 0333 202 1555 or email us at email@example.com.