Study reveals UK contact centres are still unprepared for GDPR

Study reveals UK contact centres are still unprepared for GDPR

The Aeriandi study has revealed contact centres are woefully unprepared for General Data Protection Regulation (GDPR)

A new study by voice security services company Aeriandi has revealed that many UK contact centres still have significant preparation to complete ahead of May 25 – the ‘go-live’ date for the EU’s General Data Protection Regulation (GDPR).

The study, carried out at the Call and Contact Centre Expo in London in March, shows surprisingly low levels of awareness of the regulation itself, and that the number of contact centres on course to comply with the new regulations ahead of, or by, the deadline is low.

Key findings include:

  • Almost one quarter (24%) do not know what GDPR is
  • Over half (60%) still need to make changes and 5% are not prepared at all. Only 19% of respondents are prepared
  • A total of 70% are aware how GDPR will impact the contact centre but are not confident they know how
  • Less than one third (29%) feel confident they completely understand how GDPR will impact the contact centre
  • Less than one third (32%) of respondents say they definitely can deliver GDPR subject access requests (SAR)

Low awareness levels of how GDPR will impact call recording

Contact centres, particularly those that store call recordings, manage a wealth of personal information. The new regulation covers any data that can be used to identify a person – either on its own or in tandem with other data.  Any call recordings stored by contact centres will fall under GDPR.

However:

  • A total of 68% of respondents are not confident they understand how GDPR will impact call recording in the contact centre.
  • A total of 6% do not think it will impact call recording in the contact centre at all
  • Only around one quarter (26%) are confident they understand how the new regulation will impact call recording in the contact centre

Access rights have the potential to delay compliance

Known as Subject Access Rights (SARS), the new regulation will give individuals the right to make reasonable requests to access their personal data, as well as the right to request any of their personal call data be erased. This will place more stringent requirements on the storage and back up of customer voice recordings.

However:

  • More than a quarter of respondents – 28% – stated they are not confident their contact centre can deliver on SARs that meet GDPR requirements.
  • A total of 46% either don’t know, or are not confident their contact centre can deliver on SARs

Matthew Bryars, co-founder and CEO at Aeriandi, said: “Organisations need to identify the areas where they are yet compliant and create a plan of action.

“Contact centres will require a technology approach to meet the challenges effectively. The time to act is now.”

Browse our latest issue

Intelligent CISO

View Magazine Archive