How Technology Choices can Help your Contact Center be GDPR compliant

There has been an enormous volume of content written on how call centers should work with the new GDPR regulations. In this article, I want to focus on a specific topic – how your technology choices can help your contact center be GDPR compliant, while also providing a better customer experience.

Key points for contact centers

But before we dive in, a few of the key points (among others) for contact centers to think about include:

  1. The GDPR regulations cover any data that can be used to identify a person, either on its own, or in combination with other data. Importantly, this includes data previously deemed anonymous, such as device IDs, IP addresses and so on
  2. Your customers have the right to access their data and know what it is being used for, and the right to restrict processing, to enable them to request their data to stop being used, either temporarily or permanently
  3. Last but far from least, your customers have the right to be forgotten.

Why these points are a challenge for your technology choices

Almost all contact centers use a number of third party solutions, such as marketing automation and CRM systems. With regards to technology usage, the above points are particularly critical issues in terms of which third party data solutions you work with. This is because all third parties must abide by the terms agreed by the data controller (your business) and the data subject (your customer).

To make matters even more challenging, the GDPR applies to the location of the data subject (your customer), and not where the data is collected or stored. So whether your third-party service provider is based in the EU or not, the Regulation applies if they are collecting EU residents’ personal data. And to ensure you are compliant, you must have Data Processing Agreements (DPA) with each third party solution that you use.

The opportunity

At first glance, this seems to present a number of challenges. But with the right frame of thinking, being GDPR compliant can complement a shift toward technology-supported omni channel customer journeys. Here are three ways to transform GDPR from a tick-the-box exercise into a way to drive your customer experience forward.

Adopt solutions built with Privacy by Design principles in mind

In 2017, US companies spent $10.05 billion on third-party data. Indeed, a whole industry has sprung up around data that has been obtained by less-than-clear means, and companies all over the world have been eager to leverage this data to provide a better customer experience.

The flip side of this argument – that we need customer data in order to deliver exceptional experiences – is the Privacy by Design principals. This is a set of guidelines that helps to inform your data security decisions. When choosing a third party solution, some of these can also be framed as questions such as:

  • Is this solution built with privacy as the default setting?
  • Is privacy embedded into its design?
  • Will it help us be preventative rather than reactive in our data security practices?
  • Will its security features be positive sum rather than zero sum (i.e. security is important, but it should not impact its business value)?

Look for flexibility

In a perfect world, you would have little trouble choosing from an array of third party solutions built with Privacy by Design principles in mind. However, in real life you will probably have to be more pragmatic.

As all third parties must abide by the terms agreed by you and your customer, flexible setups and, more importantly, good working relationships will help you build customer journeys supported by the best possible solutions. The natural starting point is a comprehensive checklist of security practices of your provider. Assuming not everything meets your requirements exactly, the next step will be looking at the flexibility of options offered by the provider and their willingness to work with you to create a solution. For example, if you have stringent privacy requirements, you may think about working with vendors that can provide an on-premise rather than cloud-based solution.

Use GDPR as a reason to streamline your stack

At a time where software is eating the world, it can be tempting to adopt shiny new solutions to improve this part or that part of the customer journey. But third party platform creep is a dangerous thing, particularly in the context of the GDPR. You don’t want to be the company offering users more than 100 checkboxes for users to opt in or out of – keeping things simple, transparent, and straightforward is the name of the game.

It it’s well put together, a streamlined stack will help you on the path to creating a single, permission-based customer view, offer a seamless omni channel customer journey, and ultimately make trust a key differentiator for your business.

A little information is provided below on how Surfly is built with security and privacy in mind. Do you have anything more to add to my list? 


About Surfly and GDPR

Surfly is a co-browsing solution built with privacy by design principals in the following ways:

  • Surfly session data only lives within memory during the session itself, and does not store any information on disk.
  • It does not need to gain or give access to a computer and no installation of software or plugins required.
  • The shared web session is fully isolated to a single browser tab, and by closing this tab the session ends automatically.
  • Not only does it not store any data, but the service can also be run on-premise, effectively meaning that your co-browsing solution will become part of your infrastructure rather than a third-party solution.

You can try out Surfly for free here: