This week at IT Expo in Ft. Lauderdale, Florida, one of the hottest topics was compliance with privacy legislation, including the General Data Protection Regulation (GDPR), a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
GDPR will mark its first anniversary on May 25 this year, and industry observers are closely watching for changes to the legislation or, more to the point, greater emphasis on compliance.
“Now that GDPR has gone into effect, how have the new rules impacted businesses and customers and what should you expect to see going forward with regards to data privacy and security?” asked Akshay Sharma, industry analyst and principal at neXt Curve. “What new requirements may be coming? How many applications will regulations apply to?”
Sharma was joined by Karan Zaveri, CTO of 24/7 Software, and Ron Romanchik, Chief Revenue Officer for CallCabinet, as they explored a number of interesting use cases where private personal information is shared.
Zaveri kicked off the discussion by sharing insights about the intersection of physical security and digital data collection, citing the many ways in which consumer information is collected as part of applications in sports arenas and other public venues.
“We collect a lot of personal information at football games, for example,” Zaveri said. “This includes data associated with problems at the stadium, for example, fans who may drink too much alcohol and may be arrested by law enforcement.”
Zaveri cautioned that as more and more businesses grapple with GDPR, which 24/7 Software did when they were selected to provide services for large events in Europe last year, it’s important to be clear on what GDPR compliance really looks like. “GDPR can impact the entire organization – it matters across training, applications, and services. It’s important to define how organizations are collecting this data, and who is the controller and who is the processor. There are certain things you have to do as a controller and processor, and this needs to be worked out between customers and their providers.”
Sharma and Zaveri also discussed the right of individuals to prevent the collection of their data or to have their data forgotten. “It has to be very clear, on every website, what data may be collected. For smaller companies, data protection officers are not required, but for larger companies and enterprises, it’s important to consider putting data protection officers in place, experts in GDPR and other regulations.”
Romanchik spoke about call recording, which generates an increasing amount of data. Voice calls are still the most popular channel for engagement between businesses and their customers, even as multi-channel contact centers and other communications applications grow. CallCabinet provides call recording solutions to support compliance with regulations worldwide.
“Recorded calls are considered data, and we’re constantly looking at how GDPR applies to that,” Romanchik said. “GDPR also covers text messaging and even screenshots, and GDPR is going to apply to all information captured, stored and analyzed.”
Romanchik said that while GDPR is the most talked-about legislation, the new California privacy act and legislation in Australia are also coming up. “With Canada following many of Europe’s initiatives, we’re going to see more coming out of Canada this year.”
Compliance is driving an industry of over $200 billion in consulting and services, including Sarbanes-Oxley (SOX), PCI, HIPAA and more. Romanchik expects this to continue to grow as we continue to collect more and more data, and analyze it, including using AI to generate additional business value.
Romanchik pointed out that GDPR affects not only the EU but the entire world, as it applies to any business anywhere that interacts with EU citizens, and that $321 billion in fines have been levied since 2008, well before GDPR came into existence.
“The world’s most valuable resource is no longer oil,” Romanchik said, “but rather data.”
When it comes to impacts of GDPR in this new year, the panel shared these trends:
- States across the US are starting to strengthen their own data processing laws in ways that reflect the approach of GDPR
- These laws will require companies to disclose the type of data they collect, who it is shared with and how it is stored
- These laws will also require that consumers can easily opt out of data being stored, sold or shared
- Companies like Google, Facebook and other dot-coms located in Silicon Valley will continue to invest in increasing privacy protections; this includes Apple, which this week announced a flaw in its popular FaceTime app that allowed those initiating group video calls to listen in before the call was picked up
The panel made several recommendations to companies building their GDPR and other compliance strategies:
- Make sure your consent protocol is crystal clear to inbound visitors (online and calls)
- Wear your compliance as a badge of honor
- Focus more on your existing customers
- Determine which elements consumers deem to be a worthy exchange for their personal data
- If a consumer reaches out with a data erasure or change request, make a positive impression and use it as a competitive advantage for your company
Sharma concluded the session with a discussion on AI and how analytics will be applied to interactions (voice, text, bots, personal assistants like Alexa, and more), and how increasingly popular platforms for telemedicine and capture of medical data from wearables need to consider privacy from the ground up.
Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.
Edited by Ken Briodagh