How Does GDPR impact the Service Desk or the Contact Centre?

When an organization operates a centralized point of engagement with its customers, we typically refer to that point as a Service Desk, a Call Centre or a Contact Centre. Quite often these terms are casually interchanged. From an ITIL perspective the Service Desk “is the primary point of contact between users and an IT Organization”. For purposes of this brief article we will refer to all such contact points as the Call Centre.

Typically, the inbound Call Centre is one where customers dial in / seek clarification with regards to products or services etc. The Outbound Call Centre would be operated for market research, telemarketing, solicitation or debt collection. The common point for both which is very evident is that personal data is extensively handled across the organization.

"The number one greatest cyber threat to a business is their very own employees," said Darren Guccione, CEO and cofounder of Keeper Security, Inc. Some of the findings Keeper Security and the Ponemon Institute 2017 report are as follows:

  • Negligent employees are the no. 1 cause of data breaches at small and medium-sized businesses (SMBs) across North America and the UK, with 54% of IT professionals reporting that careless workers were the root cause of cybersecurity incidents.
  • The average cost of a cyber breach due to damage or theft of IT assets and infrastructure now exceeds $1 million.

In call centres where the very business revolves around the handling and processing of data, this threat is greatly enhanced. Now add regulation which penalizes Data breach with very heavy fines, and the risk escalates significantly.

With the introduction of GDPR or General Data Protection regulatio, we see such a situation arising. GDPR is also referred to as Regulation (EU) 2016/679. It has been created by the European Parliament and Council to strengthen and unify data privacy for EU individuals as well as to regulate the international transfer of their data. It comes into effect on 25th May 2018.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 EU Data Protection Directive was first established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies including extra-territorial scope in its provision. If any organization or business anywhere in the world sees a Data Breach it could be liable for enhanced fines for non-compliance upto 20 Million Euro or 4% of global turnover if it deals with data of EU individuals.

For the call-centre industry, awareness of GDPR and adherence to it is thus crucial.

Sunil Mohal
Sunil Mohal is an ITIL® Expert, engaged in assisting organizations in the area of training and certification for almost 30 years. From setting up and managing captive support centres involving a few thousand systems to supporting global organizations with hundreds of thousands of employees in fulfilling their training needs, Sunil has seen technology and its use and misuse from close quarters.