By the 25th May 2018 all organisations serving customers across Europe need to comply with the new legislation. Regardless of the UK leaving the EU.

Yet, IT Governance reported this month that 68% of a survey sample have yet to update their processes to reflect the new data subject rights.

There are numerous changes to the outgoing Data Protection Act that organisations need to adhere to, or fall foul of the regulator – the Information Commissioners Office (ICO) which is currently recruiting 200 new staff to enforce the new rules. Failure to comply could result in fines of up to €20 million or 4% of annual global turnover, whichever the greater. But even worse – what if you lose all your customer data?

The GDPR will apply across the company. No longer just an issue for Marketing, Customer Insights or Compliance. Customer Services will be at the forefront when it comes to dealing with enquires from citizens, Subject Access Requests (SAR’s), engagement, loyalty and churn.

In this Digital Age, with more Artificial Intelligence and automation, the customer expects a certain level of personal targeting and customised experience. This has resulted in a more customer centric culture. Now the customer will expect not only personalisation of product and services, but security of the personal information they have shared with you.

The fact that customers have been happy to share data to obtain a value exchange with your organisation is a great starting point. You may now have access to purchase history, address, birthday, communication preferences and in some cases even their voice recording. But this results in a vast amount of personal data for storage and protection.

Now you have been entrusted with their data, you must respect it, ensure its safety and privacy. From here on in, under GDPR your company must obtain consent and understand what we at MyLife Digital call the 5W Framework:

• WHAT data has been collected.
• WHY it’s been collected and for what specific purpose.
• WHO is using the data.
• WHEN the permission was granted.
• WHERE the permission was granted.

From a Customer Service point of view, any Customer Relationship Management system needs to access and report on the above. When you’ve worked so hard to build customer satisfaction and loyalty, you don’t want to lose it.

With Chabot’s and technology removing the need for live agents, customers must feel they are able to resolve problems whilst having a good experience. In another survey recently reported by CSM, 65% of consumers “feel good” when they solve their issue without human contact. Customers rely more and more on technology. And this technology relies on data.

Analytics of customer data is getting more complex. To feed machine learning algorithms requires data; more data means more of the 5W’s. Especially who is using it, why it has been collected and for what specific purpose.

GDPR will hold your company to account, and you will need to be able to show how you use best practice to apply these controls. From your Privacy Policy, to Terms and Conditions and business processes, all need to adopt a new way of business as usual.

GDPR is seen as one of the biggest, most important changes to consumer rights in recent times. It turns the use of personal data on its head and gives back control of data to the citizen. Businesses must ensure every member of staff has the appropriate level of understanding to continue to carry out their role.

Okay. You’ve done your homework, you’ve invested resources and applied the 5W’s to your data collection, so what’s next?

In an article in Harvard Business Review, Customer Data: Designing for Transparency and Trust, the authors state, “a firm that is considered untrustworthy will find it difficult or impossible to collect certain types of data, regardless of the value offered in exchange. Highly trusted firms, on the other hand, may be able to collect it simply by asking, because customers are satisfied with past benefits received, and confident the company will guard their data.”

To be a trusted firm, to maintain loyalty and reduce churn, you need to keep your customers happy. With repeat purchases, upgrades, continued good service and of course value for money – and from May 2018 data consent.

Consent Audit

To start to understand consent, look through current statements that have been used to gather permission to contact. These might be on old direct mailing packs or in recent online or social campaigns. Collate these, then assess how legitimate that consent to use data is and whether explicit permission was given.

Your customers must agree that their data can be used and that they can be contacted. Only then do you have a legal basis for collecting, storing and using their personal data.

And be mindful: consent is not the same as a preference.

Under the DPA customers already have the right to know what data you hold on them and can submit a subject access request (SAR). The ICO has written guidance to this process which is well worth reading, and we await an update for GDPR.

Customer Service is often the first port of call when the relationship has steered off course or a simple query triggers a call. Under GDPR it may now also trigger the right to be forgotten or right to erasure.

Article 17 of GDPR states the data subject has the right to request that the data controller erases their personal data, subject to meeting certain conditions. This may be that the personal data is not necessary in relation to the purpose for which it was collected, or the data subject withdraws consent or objects to processing; amongst others.

GDPR Checklist

Now is the time, before May 2018, for your organisation to:

• consider the organisation’s stance on personal data and what is done with it
• understand what data needs to be retained for legal or other reasons
• establish or update data retention policies and adhere to them
• ensure there is a process in place to manage SARs and the Right to be Forgotten
• train all staff in the above process and the part they play in it
• draft standard communications and notifications to acknowledge requests, including the timelines for completion
• know where data is shared, internally and externally, and be ready to inform such parties to complete these requests
• comply or update a suppression list to remove requestors data from any marketing, sales or communication activity.

Basically, leave no stone unturned. Don’t live under a rock or bury your head in the sand – GDPR is coming and sooner than you think.

About the Author

Keith Dewar is Group Marketing and Product Director at MyLife Digital, with over 25 years of senior management experience across functional disciplines including marketing, sales, business development and strategy. He has held various directorships with Cable & Wireless, Vodafone and O2.

More recently, Keith was Vice President, Marketing & Strategy for technology start-up IP Wireless where he helped grow the business over five years, culminating in a successful acquisition of the company by General Dynamics. Keith is also a post graduate student in the Department of Economics, Finance and Management at the University of Bristol where he is studying and researching areas of strategy, change and leadership.

Rather than reducing staff or altering workloads, call centers should first look for a much more straight-forward approach to decrease operational expenses, such as reducing average handling time (AHT). AHT is the sum of talk time, hold time and call wrap-up time divided by the total number of calls. For large enterprise call centers that receive hundreds of thousands of calls, reducing the time needed to address each one – even by a few seconds – can add up to significant savings by enabling customer service representatives (CSRs) to handle more calls and therefore be more productive.

But, of course, if CSRs are rushing through calls in an effort to reduce AHT, customers may not be getting their issues adequately resolved, which can negatively affect the overall customer experience; agents may even be targeted on AHT and can hide behind poor call handling to ensure an AHT reduction by having the caller make repeat calls! The key to reducing AHT while still providing a positive customer experience is to focus on reducing the call time spent on transactions, such as taking payments.

When accepting payments over the phone, many call centers today ask customers to read their payment card information aloud to the CSR, a practice that actually increases AHT. That’s because payment card details are often misspoken by the customer, or misheard or miskeyed by the CSR. Frustration ensues on both ends as customers and CSRs need to repeat numbers back and forth, and entering a wrong number can cause the transaction to be rejected by the Payment Service Provider (PSP) and a failed transaction charge applied to the call center. Even worse, the practice can put customers’ personal data at risk. If the customer is in a public place when reading their payment card details aloud, for example, they risk exposing their sensitive data to a malicious eavesdropper or a rogue CSR who could copy the information for fraudulent use.

Likewise, interactive voice response (IVR) systems used by some call centers can also cause frustration and negatively impact the customer experience – particularly when it comes to taking payments. If a customer miskeys their credit card number while using an IVR system, they often don’t know how to navigate the system to correct it, or simply hang up in scenarios such as debt collection. Without a CSR on the line to help, the customer is far more likely to end the call, potentially causing the company to lose a sale… or worse, lose a customer completely.

Fortunately, there are ways for call centers to reduce AHT, keep customers’ payment data secure improve the customer experience, and reduce costs all at the same time. Using advanced technology, call centers can have their customers securely input their payment card information via their phone keypad while remaining on the line with a live CSR. With this approach, the CSR can continue to converse with the customer and provide assistance, or even begin performing wrap-up tasks while the customer inputs their card details – further increasing productivity. By providing a single point of numerical entry, the opportunities for error are significantly reduced, and the CSR is no longer responsible for capturing the card details. Because the CSR and the customer are not spending valuable time re-reading numbers to each other, AHT, and in turn, costs, can be significantly reduced.

Perhaps most importantly, this process also improves data security. The audio tones from the customer’s telephone keypad are masked and the data is automatically and securely transmitted directly to the payment provider. This means that the CSR never hears the card details and the tones are masked in all audio recordings, significantly reducing the risk of fraudulent activity. Moreover, the payment card data never hits the call center’s IT systems, greatly reducing the scope of compliance for Payment Card Industry Data Security Standards (PCI DSS) regulations. The entire process is not only more secure for the customer, but it also saves the call center a tremendous amount of time and money associated with maintaining PCI DSS compliance.

Leading companies are already experiencing the benefits of using such technologies. One of Semafone’s customers, a global insurance brand, was able to decrease AHT by approximately 30 seconds per call using this approach in its call center. Similarly, a global telecommunications provider lowered AHT by 26 seconds per call (an 8-percent decrease). For large enterprises that receive hundreds of thousands of calls in their call centers, shaving 20 to 30 seconds off per call can add up to millions of dollars in savings per year and a significant increase in productivity.

As companies in every industry look for more ways to reduce operational costs and improve efficiency, reexamining the payment processes in their call centers represents the low-hanging fruit – an excellent place to start. Through the use of new technologies, they can cut call center costs by reducing both AHT and the costs associated with maintaining PCI DSS, all while continuing to deliver superior customer service and strengthening data security.

About the Author

Ben Rafferty is Global Solutions Director at Semafone. Rafferty has more than 15 years of experience of delivering speech recognition, IVR and contact center automation on CPE and hosted platforms. At Semafone, Rafferty is responsible for the smooth deployment of solutions into hosted environments and for the overall management of Semafone’s hosted offering. Starting as an engineer and working up through a variety of roles, Rafferty’s career includes the successful delivery of programs for a wide variety of organizations, including large multi-national corporations, such as SAP, Deloitte, Interflora and Odeon, as well as local and central government, Parliament, the NHS and all “Blue Light” services in the UK and Europe.