
GDPR: One Year On


On 25 May 2018, a new European regulation was enacted in order to increase the protection of citizens’ personal data. Few regulations have received as much media coverage as The EU General Data Protection Regulation (GDPR). GDPR aims to regulate the use of people’s personal data while protecting users’ private information and providing a clearer and more transparent idea of the way this data is handled.

How to ensure that your organisation is GDPR compliant

Last year, we published a blog about GDPR compliance. Here is a short reminder of some of the key things companies need to do to ensure they are GDPR compliant:

  • Obtain explicit consent before the collection of your users’ data
  • Obtain explicit consent to hold any data obtained before May 25th, 2018
  • Clearly and concisely explain the purpose of the data processing in the information notices (privacy policies, terms and conditions and opt-in statements)
  • Ensure that all individuals can access (and wipe) their personal data if requested

What sanctions could your organisation be facing?

Remember the relentless bombardment of emails last year, where companies asked users to confirm their consent in order to obtain and process their data? The first few weeks following GDPR revealed a lot of paranoia from companies, which was understandable given the sanctions companies could face. The penalties for violating GDPR are severe: administrative fines of up to €20 million or 4% of a company’s annual turnover. However, despite the panic caused by the implementation of GDPR, the number of sanctions given by the Information Commissioner’s Office (ICO) and its European counterparts has hardly increased in the last year.

To determine the size of the fine, regulatory agencies take two factors into account: how long the infraction has existed and the impact of the violation on the concerned parties. For this reason, it is important to anticipate the risks of non-compliance as early as possible in order to avoid or reduce fines.

GDPR, more a tool than a burden

The objective of GDPR is to provide a comprehensive set of privacy rules that are understood and applied in a uniform manner throughout Europe. Companies processing personal data must now inform their users of the purposes of data processing, the storage period, and more. However, most users instinctively skip reading these statements and notices and accept the terms almost automatically, without understanding their implications. While these notices have been implemented to help users comprehend how their data is being used, they are often too long, too descriptive, uninteresting or even difficult for non-specialists to understand, ultimately adding little value or transparency for the user.

Despite its shortcomings and daunting nature, GDPR is, in fact, a very important tool for companies and customers alike. GDPR was created out of the desire to give individuals control over their personal data and to help them better understand and enforce their rights. By complying with GDPR, you assure your customers that their data is protected and that your use of it will be limited and transparent. Plus, if a security breach occurs, you are required to inform your customers, allowing them to take any necessary action.

What conclusions can be drawn from the first year of GDPR?

In the last year, GDPR has raised citizens’ awareness of the issues related to the processing of their data. Users can now feel better informed about how their personal data is used. GDPR has made it clear to consumers that they have rights with regard to the protection of their personal data, but despite a successful first year of GDPR, there is still a long way to go before its objectives are fully achieved.

Did GDPR work?

While it’s still too early to evaluate the full extent of its impact, GDPR seems to have worked rather well, with a coherent, solid and effective implementation. Despite the initial backlash that GDPR received, it has since received positive feedback from key members of the business community. As a result of GDPR, companies have realised that they have a lot of work to do to regain consumer confidence and ultimately strengthen the digital economy.


Top 4 Tips for Getting GDPR Ready

If you haven’t thought about the impact that the GDPR is going to have on your business, you should definitely put it at the front of your mind, as the May 2018 deadline is drawing ever closer. Still not sure what the purpose of the GDPR is? The General Data Protection Regulation was designed to simplify and harmonise the data privacy laws across Europe in an effort to further protect its citizens and give them more power when it comes to their personal data. This important regulation will change the way every business approaches data privacy. As the GDPR looms closer, here are some tips to make sure you’re ready for it.

Be Aware & Prepare

It’s really important to have a good understanding of the purpose and aspects of the GDPR, and of how it will affect not only your business but also you as an individual. Distribute information throughout your company internally so all staff have a chance to be educated on a regulation that will have an effect on how they handle and store personal data in their role. Putting together an informational guide or even hiring a GDPR specialist such as a data protection officer to train and advise your staff is a good way to raise awareness.

Carry Out a Data Audit

Investigate the data processes that you have in place in your company. What sort of personal data do you store, how much, and where is it stored? These are great questions to start thinking about. The data that is affected by the GDPR is any and all personal data stored by a business or organisation that can be used to identify an individual or is at all linked to any information that could lead to identifying an individual.

Consider decluttering the data that you store. Evaluate what data is the most important and put together a checklist of the information that you need to store and the information that is not of value and does not need to be retained. Once you have concluded what data is unnecessary, you should debate whether it would be beneficial to destroy it. Holding less data can simplify future processes such as Subject Access Requests.

GDPR Knows No Boundaries

Although GDPR is very focussed on the control and privacy of personal, identifying data and information, it doesn’t just pertain to companies that are based in the EU. Any company outside of the EU – whether you’re in Australia or Abu Dhabi – that collects data within the EU regarding EU citizens falls under the same regulations as companies based in Europe.

Know the Special Requirements

Avoid a substantial fine and make sure you’re educated on all the technicalities. Something as simple as not updating your privacy policy by May 2018 could land you in hot water. Some businesses may even need to request parental consent when asking for and processing data for individuals aged 13 and under.

The rule of unambiguous consent is also being introduced with the GDPR. It is crucial that, before any personal data is collected or used for marketing purposes, individuals consenting to their data being stored understand 100% what they are agreeing to when handing over their information.

The GDPR is extensive, and it is very important that you research and read up on every aspect of the regulation so you are prepared and completely compliant when May 2018 rolls around.

Get in touch with us here at C3 to see how we can help you: contact our team on 01223 427700 or email info@c3.co.uk.


The Impact of GDPR on UK & EU Contact Centres

With less than 200 days until GDPR comes into effect throughout the EU and UK, do you know what impact it will have on your business? There is also a large misconception surrounding GDPR: as it is an EU law, many UK businesses believe that once the UK leaves the EU, GDPR will no longer affect them. This is entirely wrong. The government has reiterated that even post Brexit the GDPR will still be in effect, so there’s no putting temporary measures in place to ensure that you are fully compliant while still bound by EU law.

The GDPR is a whole new set of legislation and regulations to govern how data is captured and ultimately stored, and these stricter rules will especially have an effect on contact centres, which are hubs of data collection and processing. There are over 6,200 contact centres in the UK, with around 4% of the UK’s population being employed at a call centre. However, failure to comply comes with an even bigger price tag under the GDPR than it does under current legislation. Depending on the size of the breach, a company could be looking at a €10 million fine or 2% of the company/group’s worldwide sales (whichever is the greatest amount) for a smaller scale breach, or €20 million or 4% of the company/group’s worldwide sales (again, whichever amount is greatest). With larger fines there’s even more incentive now than ever to get fully compliant.

Whether you operate a contact centre directly in house or outsource any contact centre requirements, all businesses still need to think about and be aware of the impact the new GDPR legislation will have on every step of that process, from data collection to processing and then storing that information.

For contact centres, a major impact is how the GDPR sets out to define what personal information is. For example, under current legislation definitions have been narrow and precise, whereas the GDPR covers any and all data that can be used to identify an individual, either a single piece of data or data that can be used in combination with other pieces of data. This new ruling means all personal data is protected under GDPR. Businesses need to be conscious of how they store any personal information, as individuals also have the right to access their details at any time and modify them or ask for them to be removed promptly.

Contact centres need to ensure they have the right infrastructure to manage such requests from individuals and to complete them to the satisfaction of both the individual and the GDPR. The new data regulations actually suggest that self-service is the best approach for providing this ability. All businesses will need to review their data protection processes and systems to ensure that they are able to comply with the incoming GDPR, and if they discover that they will not, they need to upgrade and update their systems in line with the new legislation.

Although the GDPR is bringing about a large change, it is a change for the better, as it will undoubtedly improve standards around privacy and data protection, minimising and moving towards eradicating data breaches like those that we have witnessed in recent years.

Get in touch with us here at C3 to see how we can help you: contact our team on 01223 427700 or email info@c3.co.uk.

Social Media in the Modern Contact Centre

We are currently living in the age of social media. It has grown from just keeping up with friends on one network to having profiles on multiple networks. You’re not just keeping up with your family and friends anymore: you’re keeping up to date with news and celebrities, and being targeted left, right and centre by businesses with their marketing and advertising, among other things. Social media holds great weight when it comes to influence and is a very public channel of communication; this is somewhere you don’t want to be trash talked by anyone.

With 74% of internet users having active social media accounts, it is time to pay close attention to social channels if you haven’t already; use of social media is only forecast to increase as rapidly as it has over the past few years. This means integrating social into the contact centre.

There are so many social networks out there, so how do you know which channels to integrate and monitor? It’s time to look at your analytics. You need to discover which channels are most popular and most used by your customers, but also keep in mind how popular they are overall. You might have a lot of customers that use LinkedIn, but as it is a smaller social network you might not want to put all of your focus on it. Platforms with the most active users include Facebook, YouTube, Tumblr, Instagram and Twitter. Consider which are the biggest social networks with the most influence but are also the most popular with your customers.

You need to go further than just integrating your social channels into your contact centre: agents need to be well versed in using the social channels as customer service platforms, whether you take on new agents and build a social team or train all existing agents to be multi-skilled and able to manage the multiple channels.

With a multi-channel contact centre solution you are able to streamline all of your media channels (voice, email, SMS, web chat and social media) into a single, fully-integrated solution where they are displayed on an agent’s desktop. A multi-channel solution is very easy to use and is cost effective: you can queue, route and monitor enquiries all in one place and even integrate a CRM. Such a solution empowers your agents to deliver next level customer service at all times, and it allows you to provide customers with all of the information they need quickly and to respond to all issues in a timely manner.

For more information about our multi-channel contact centre solutions get in touch with our team on 01223 427700 or email info@c3.co.uk.

How Multi Channel Contact Centre & Secure Payment Solutions Can Help the Education Sector

The way in which people interact with companies and businesses has shifted over recent years. Everyone used to call traditional call centres and remain on hold for seemingly long periods of time. In an age where the iPhone wasn’t the norm and Twitter and Facebook were just getting started, there were a lot fewer recognised channels for customer support. SMS and live chat hadn’t taken off yet for customer support use, and Twitter had not yet become the social platform it is today, where one bad tweet from someone with a large following can potentially cause havoc for a brand. All you really had was your landline to ring a call centre number and hope you got the answer you wanted, or to send an email and hope for a reply. Now, however, that is not the case.

But it’s not only businesses, brands, charities and so on: the way in which people want to interact with every institution is changing, even in the education sector. People want to be able to tweet a university a simple question or to leave a comment on Facebook and expect an answer quickly, in addition to receiving great service when making contact on traditional channels such as telephone and email. Higher education institutions are starting to have to operate as businesses. With high tuition fees pushing the education sector in a more competitive commercial direction, universities are starting to have to win over students very much like businesses would clients.

Multi-channel contact centre solutions allow schools, colleges and universities to make the most of all new opportunities afforded to them and engage effectively with past, present and future students, faculty and the wider community while remaining completely cost effective. These solutions can also aid with events such as the clearing period and periods of fundraising/donations.

Clearing

The clearing process had an overhaul for 2016. With the cap on student numbers being lifted, universities could actively recruit potential students and offer as many places as they wanted, provided they had the space and resources for them; it allowed universities to become selective. It did not only benefit universities: clearing began to be used in a different way. Instead of students using clearing to scramble for a place at another university because they didn’t get their predicted grades, students were going through clearing to get a place at a better university, or to get a place on a different course if they had changed their mind.

During the clearing period universities see a flood of enquiries from students across multiple channels. Often they are unable to manage every enquiry, and so many students are left without answers and go elsewhere. A multi-channel contact centre solution can help universities to scale up and expand their communications, allowing them not only to tackle all of the enquiries that they receive but also to do it efficiently.

Multi-channel allows you to streamline all of your channels and manage everything – voice, email, SMS, live chat and social media – from one central location. You will also never miss an enquiry: the innovative queuing system sorts and deals with all messages chronologically while assigning enquiries to individuals, so no one is left wondering if an enquiry has already been dealt with.

Fundraising & Alumni Donations

Alumni donations form a large part of further education finance. In 2012 alumni donations reached an incredible £800m with expectations to rise, and they did. In the 2015-2016 term, donations from alumni in the UK to higher education institutes reached a record high of £1.06bn, smashing the £1bn mark that had never been surpassed before. As a further education institution, how can you maximise your alumni donations? Those looking to donate are more likely to complete a donation if they’re on the line with a real person, so they know their donation is reaching the right place.

When dealing with alumni donations it is essential to use a secure telephone payment system: because you’re processing a payment, you must be PCI DSS compliant. A solution like our Secure Assist guides volunteers and staff through the donation process while maintaining the vital level of security required when it comes to payments. Secure Assist allows secure payments to be taken over the telephone, SMS and online payment portals. It is also entirely flexible to ensure the most cost effective solution, with complete adaptability to a range of different applications such as accommodation, fines and food, just to name a few.

For more information about our multi-channel contact centre solutions, or if you want to discuss Secure Assist and how they can help your education institution, get in touch with our team on 01223 427700 or email info@c3.co.uk.

5 PCI DSS Compliance Myths Debunked

The number of credit and debit card payments being made in the UK each year has significantly increased over the past decade. The UK Cards Association reported that 15 billion transactions were made in 2015, with a value that amounted to around £660 billion (35% of the UK GDP in 2015). With the rise in card payments, payment security has taken more of a front seat in recent years, and rightly so.

However, there is still a bit of confusion around PCI DSS. Many people don’t understand what it is and what implications it can have for them or their business. As a PCI DSS Tier 1 Service and Solutions Provider, we have heard it all here at C3.

  1. We don’t process enough payments to be required to be compliant

Ever since the implementation of the newest PCI – PCI 3.2 – in 2016 there is no longer a minimum number of transactions that have to take place for a merchant to be required to be PCI compliant. This means that even if you process one card payment every year you still need to adhere to the standards and be fully compliant.

  2. PCI only applies to e-commerce companies

PCI applies to any company that stores, processes or transmits cardholder information, whether you have a shop in a physical location and use POS devices, process card payments online through your online store or offer a tele-billing service.

  3. Masking numbers is enough

Many believe that hiding the whole credit or debit card number with the exception of the last 4 digits is enough, when in fact it is not; this is only a small step in the PCI process. Masking only hides the full number on the payment screen so that, in a contact centre for example, the agent can’t see the number. It does not account for your network or system storing that information in a non-compliant manner elsewhere, where it can be retrieved and decoded later.

  4. Merchants are allowed to store any data

There are many business owners that think they have the right to store any and all of the data that they want to in order to aid their business. This violates PCI DSS as well as legislation regarding privacy, since customers may not have given permission for their sensitive data to be stored. PCI states that unencrypted credit card numbers, CVV or CV2 numbers, PIN blocks, PIN numbers or Track 1 or Track 2 data cannot be stored under any circumstances. If anyone is found to have stored any of the above information, they run the risk of facing serious consequences, particularly if any data has been compromised: a security breach and all the costs that come with it could put a company out of business.

  5. PCI is unreasonable

When it comes to the security of the sensitive information and data of your customers, nothing is unreasonable. PCI DSS is a common security practice. It may be hard to understand for those who do not have large security or IT departments, but that is where C3 come in. We are fully accredited to provide a range of secure solutions to process credit and debit card payments via telephone, SMS and/or online.

We have worked with some of the UK’s biggest charity events, such as Comic Relief and Children in Need, to process thousands of secure payments per hour. We also work with many retailers, value added service providers and tele-billing organisations to develop PCI DSS compliant smart payment applications.