*This document is provided for information purposes only, and Vocalcom does not claim to be exhaustive. It does not constitute a legal recommendation and cannot replace the advice of a specialist. It is the responsibility of each individual to ensure compliance with the regulations in force. Vocalcom cannot be held responsible for any consequences or damages that may result from any use of the information and data contained in this document.
For many years now, cyber threats and attacks have been on the rise. More and more software systems have shown to be vulnerable, and the time that passes after exposure has lessened greatly. In the past, when a company identified a cyber threat, one or two weeks would pass before any cyberattack occurred. Nowadays, the attack can occur within an hour of the noticed cyber threat. The attackers are deeply invested in getting what they want, often using automation. Companies therefore have to react more quickly than ever. In addition, the types of cyberattacks vary as well. There are more and more incidents of ransomware, identity theft, and phishing, for example. As security constraints keep evolving, companies must keep reinforcing infrastructure to keep these cyber threats from causing harm.
GDPR, on the other hand, provides structural opportunities to prevent attacks. There was a time when GDPR wasn’t a problem for most companies, whether it pertained to inbound or outbound. Now, it brings up more questions for company projects that must be taken into account. This leads to a need for implementing a system around data management and implementing a system progressively and prior to starting a project, which leads to a greater prevention and protection from the attacks.
Companies that use or wish to use call recording must be ready for specific processes that comply with GDPR. These processes specifically include recording conditions, a customer’s right to refuse to be recorded, and the length of a conversation. Other constraints include information on people’s rights, storage, and the protective measures of these recordings.
Call recordings must satisfy a specific need for the contact center: employee training, performance monitoring, service quality, or evidence gathering for tasks such as telemarketing. Therefore, your company must justify their recording to the final customer or ask for their consent before the call begins. Some industries, such as Bank or Insurance, are also impacted by standards other than GDPR, which require them to retain call recordings. How long call recordings are kept correlates with their purpose, so if you are not impacted by those standards, as soon as the purpose has been met, there is no need to keep the call recordings.
For outbound calls, in the context of teleprospecting, it is important to take a look at other laws. For France, it is the Hamon law,the consumer law of 2014 and in particular, Bloctel. Essentially, a prospect who is subscribed to Bloctel cannot be contacted for commercial purposes, and it is the contact center or the ordering institution that must enforce this.
In the case of outsourcing your customer service to a contact center or a call center, it is important to keep in mind that the responsibility chain is domino. You must therefore make sure that their service providers use systems and processes that are compliant with GDPR. In the case of Vocalcom, our software solutions are compliant. Correlations were added to the logs in order to guarantee the traceability of all actions that take place. In this manner, you know who has access to data, why, how, at what time, and from which agent workstation. In addition, for cloud consumers, we ensure the integrity of the data, so that no one is able to modify your customer data except you.
GDPR applies to your customer service, but not only. It actually concerns everyone in your company. GDPR enables your agents to have a better awareness of the importance of data management and therefore, better data management practices. This improved data management must be ensured and will allow you to have better customer monitoring. It is critical to know how customer data is collected, stored, and managed and ensure its monitoring. Thanks to the implementation of log monitoring, Vocalcom can support you in this area.
GDPR allows customers to obtain the deletion of their data by companies that process personal data. Customers also have the power to access their recorded data in a structured numerical format. By giving customers the possibility of accessing and modifying their own data, companies can instill confidence and gain the trust of their customers. This trust is important for winning customer loyalty: According to KPMG, up to 74% of customers are more likely to stay loyal to brands that protect their personal data. In addition, 78% of these customers willingly accept to share their data if they have control over the requests of the company and the channels used.
This trust is also differentiating: According to CSA, only 10% of customers in the world believe at this time that they have sufficient control over their personal data. Furthermore, more than 2 out of 3 Europeans want to be able to give their permission before data is collected.
To establish a project and set up a long-term customer relationship, such as a subscription, it is important to notify the customer about the data necessary to best support them. If the customer agrees and understands, he can also provide you with more information so that you can offer him other optional services. For example, recording purchase history in a loyalty program would be one way of obtaining data in exchange for sales promotions. Essentially, GDPR is pushing companies to be more demanding with themselves.
The security of your customer data is our priority at Vocalcom. Cyrille Mucchietto, Security Manager at Vocalcom, in charge of security maintenance and the implementation of best security practices for cloud and on-premise solutions, reminds us of all the actions put in place on the platform to protect against attacks.
At Vocalcom, we implement risk analyses of our system to know which risks we are exposed to, which measures can be put in place, and how to execute them to ensure the protection of our system and our data.
We also implement a centralization of logs and information to be able to generate alerts for suspicious activities. They are reported by the SOC (Security Operation Center) at Vocalcom. The logs, with correlation rules, are studied to bring to light any activities or events that deserve special attention. The Vocalcom cloud team is then notified (if there are suspicions) and analyzes the situation to learn if there is a false alert, if there is real danger, or if there is an improper use of our platforms.
If there is a confirmed alert, crisis management measures are put in place in order to avoid letting the problem gain a foothold. For incident management, actions are put in place according to the nature of the problem.
The security team intervenes proactively for cloud customers. The team also offers security support for on-premise customers, through our configuration guides and our support if these customers need it. On-premise customers can access our security recommendations or expertise regarding the software.
New security constraints fueled by more frequent cyberattacks, as well as GDPR pushes brands to reinvent customer engagement strategies—a more humanized approach, more personalization, and more trust. Vocalcom is there for you to make sure your company succeeds in business in the most secure conditions possible.
Interested in our solutions?