The GDPR, better known as the General Data Protection Regulation is a law ratified by the European Union in April 2016. Many are asking why they should care about the GDPR and what it means for their company. The GDPR was designed to give individuals better control over their personal data held by companies and prevent inadvertent or purposeful disclosure of their personal data and information.
The global context precipitating the GDPR entails expanding data capture methods combined with numerous data breaches across the globe in recent years that have exposed the personal data of millions of consumers at an alarming rate. Recent studies reveal that over 50% of global companies report they are struggling significantly to make the necessary changes in how they operate to meet the rules set out by GDPR. The deadline for companies to be compliant with GDPR is May 25, 2018. This is HUGE!
The penalties for companies that violate the GDPR tenets are severe! Fines levied can amount to 2% of a company’s Global Gross Revenue for violations of record-keeping, security, breach notification and privacy impact assessment obligations to start. These penalties are DOUBLED for more serious violations related to the legal justification for processing, lack of consent, data subject rights and cross-border data transfers to top 4% of a company’s Annual Global Turnover or 20 Million EUROs, whichever is greater. Although the GDPR originates in Europe, it affects far more than European citizenry. Any company, anywhere in the world that does business with EU-based consumers or businesses must comply with GDPR standards or they’ll incur the aforementioned penalties.
Let’s specify the types of data the GDPR covers. Anything from internet cookies, web browsing, search engine access, to emails, texts, instant messaging, telephone calls, video calls, conferences (video and audio), webinars, screen captures- nearly every type of communication available on the planet.
Companies are preparing for the enactment of the GDPR by implementing safeguards for the protection of data that include:
- Encryption of personal data
- Ensuring the ongoing confidentiality, integrity, availability and resilience of systems collecting and storing the data
- Restoring the availability of data and access to it in a timely manner following a physical or technical incident
- Processes for regularly testing, assessing and evaluating the effectiveness of these systems
Consent is a huge part of GDPR. Based on the requirements, “consent to be given by the individual whose data is held. Consent means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by state or by a clear affirmative action, signifies agreement to personal data relating to them begin processed”. Companies that obtain consent, must be able to show how and when consent was obtained. Further, an individual may wish to withdraw consent at any time and have a right to be forgotten; if their data is no longer required for the reasons why it was collected in the first place. All data that was collected must be purged and permanently erased.
At first glance, it may not appear that the GDPR relates to call recording and quality management. Call Recording, however, contains data subject to the GDPR and is directly affected by its guidelines. All calls, screen captures, IM recordings, conferences and video recordings especially credit card transactions and health information must be in compliance with GDPR standards which include encryption, safe, reliable storage and most importantly, call data must be retrievable by the organization in the event that a consumer withdraws consent or disputes a call.
CallCabinet’s Atmos platform meets ALL GDPR standards. Our platform employs advanced GDPR fortifications such as enhanced data encryption and keys that safeguard certificates and passwords. Additionally, CallCabinet employs a rotating encryption algorithm that further protects recordings from infiltration prior to storage in the Atmos Cloud and also includes full redundancy. Don’t endanger your company’s ROI or reputation with GDPR violations, especially when we can provide you with timely, cost-effective call recording and quality management solutions that meet all global data security, processing and regulatory compliance standards.
Find out how CallCabinet and Atmos protect your company and it’s customers from data breaches and other security threats to communications.