GDPR and Call Centers: Ensuring Compliance in the Age of Brexit

David Garrod January 19, 2019

The E.U. General Data Protection Regulation (GDPR) went into effect on May 25, 2018. This regulation poses unique challenges for call center operations. The key for the modern call center business is the ability to provide insightful analytics while complying with the GDPR data subject handling requests.

GDPR has a very broad definition of personal data. It accounts for any biometric, cultural, economic, genetic, mental, political, religious and social information that may be used to identify an individual. Audio recordings, such as of calls involving E.U. data subjects, are personal data and cannot be desensitized. If your call center takes calls from an E.U. data subject, you must abide by GDPR regardless of where you are located.

The approaching Brexit deadline makes the situation even more complex. Should the United Kingdom fail to negotiate an agreement with the European Union before the Brexit deadline of March 29, 2019, any organization transferring data on E.U. subjects through the U.K. will put an organization in breach of GDPR.

Organizations which are certified under the Privacy Shield frameworks designed by the U.S. Department of Commerce and the European Commission and Swiss Administration must also update their commitments. Privacy Shield only provides protection while the U.K. remains under E.U. data protection law.

Keeping in compliance with GDPR while legal obligations are in flux can be difficult. Anthony Gadient, Voci’s CEO, addressed some of the challenges which this legislation presents to Call Centers in his viewpoint which was published in the Pittsburgh Business Times. Please click here to read it.

David Garrod

David Garrod, M.S.E.E., Ph.D., J.D., is the General Counsel of Voci Technologies, Inc., as well as its designated GDPR Data Protection Officer.

Stay updated with Voci's speech insights