Skip nav to main content.
Registration is now open for TCN's C3 2025 Register Now
call center management

10 Ways the EU’s GDPR Could Impact Call Centers in 2017

Avatar photo

Kerry Sherman

Vice President of Business Development

The European Union (EU) passed a new version of the General Data Protection Regulation (GDPR) to be implemented in 2017 and enforced by 2018. The regulation changes the communications game for every business, from the smallest to the largest. It also harbors significant impacts to companies with or using call centers, with non-compliance proving fatal: IBM reports fines could be as much as 20 million euros, or a little over $21 million.

If your business uses cloud-based call center software or works with a call center for customer service activities, here are 10 things you need to know about the GDPR.

1. EU Everywhere

The GDPR will have global ramifications. It calls for compliance not only from businesses and organizations operating in the EU but also from those that process the personal data of EU residents, regardless of where they reside.

2. Increased Oversight

If you thought staying compliant with the FTC and the FCC was hard, the GDPR may make them seem like cakewalks. The EU’s directive increases regulators’ powers and capabilities to enforce GDPR compliance. If your business touches the EU in any sort of way, you should prepare for increased scrutiny and oversight.

3. Broader Personal Data Definitions

In the U.S., personally identifying data tends to be relegated to the realms of Social Security numbers, credit card numbers, or health data. The EU’s GDPR takes a much broader stance on the subject, saying that personal data includes anything that “directly or indirectly identifies or makes a data subject identifiable.” On a positive note, you’ll get more data. You just gain more responsibility to protect it, too.

4. Simplified Standards and Regulations

The GDPR may entail a broader definition for personal data, but it aims to standardize regulations and governing bodies. That’s a good thing. While it’ll be rough going at first, streamlining standards and authorities should make it easier to stay in compliance.

5. Consumer Consent First

The GDPR features strict and specific rules about consumer consent prior to processing any identifying data. For example, the directive requires companies to use “opt in” for all communications rather than “opt out.” The change will require many companies to evolve their communication practices—across all channels.

6. Empowered Consumers

With the GDPR in effect, consumers will call the shots—even more than they already do. They will decide how much and which data you get to keep. They also will control how you use their information.

7. Parental Controls

The GDPR requires parental consent when processing data for children under the age of 16. The restriction might not make much of a difference to your company, but it could be hugely impactful to those involved with international adoptions or humanitarian aid.

8. Data Protection Officers

The GDPR also implements a new organizational role: the data protection officer (DPO). The position will likely oversee data privacy, security, and compliance. As such, the role could be a good investment despite the international pressure backing it.

9. Data Breach Notifications

In the U.S. several laws, national and statewide, govern data breach notifications. The GDPR could trump all of them, requiring that notification be made in 72 hours. The GDPR includes a couple of exceptions to the rule: notification isn’t required when the data breach isn’t likely to harm the consumers in question, and it can be delayed due to “exceptional circumstances.” The latter feels like submitting a doctor’s note to your teacher; the GDPR says businesses with “exceptional circumstances” will have to justify them. Conferring with legal could be critical on this and other changes.

10. Privacy by Design

The GDPR calls for “privacy by design,” that is, privacy integrated into every facet of products and services. The regulation also demands that companies only collect necessary data. Both statements bear an uncanny resemblance to those made by FTC Chairwoman Edith Ramirez last year.

Compliance is a growing and critical issue among call centers, businesses, and organizations. If you’re wondering where to begin your mastery of it, start with our infographic. It outlines some of the costs and repercussions of non-compliance, as well as the regulations you need to know to stay in compliance in 2017.

Explore all the features of TCN’s call center software