GDPR becomes law in May 2018 and represents the biggest shake-up of data protection regulation in more than twenty years. It gives people increased ownership and control over their personal data assets and provides a single regulatory environment for all organisations that capture, process or store personal customer data.
To prepare for GDPR, organisations should:
- Establish what data is archived on aging physical formats such as tape or optical media
- Decide whether this old data still needs to be stored
- Review all data acquisition, processing and storage practices
- Identify any required changes to infrastructure
The Technology Question
Technology is a key to compliance as systems that are no longer supported by manufacturers or solution vendors pose a significant risk as they will not meet the standards of GDPR. Data that has to be held must be migrated to current platforms with advanced search and analytics capabilities for greater security over the longer term.
Thought must be given to how and where recordings are stored as customers will have the right to request access to any stored personal data. Organisations will have to identify, access and, if requested, delete any recordings of interactions that contain captured personal information within one month.
A major challenge will of course be how to identify these recordings, particularly when having to search through historical recordings with only limited attached metadata. Using the latest speech technologies presents the only viable solution for organisations wishing to achieve compliance without having to deploy additional staff to manually search through recordings.
SVL Business Solutions Has The Answer
As well as offering SmartVoice Replay to consolidate the long term storage of historical audio transactions onto a single, up to date platform, SVL Business Solutions uses Automated Speech Transcription which enables recordings to be searched for by any word or phrase. It allows the results to be viewed in seconds as text summaries ranked by relevance and generates text transcripts that can be reviewed three times faster than traditional manual methods.
Transcripts are colour coded to identify each speaker making it quicker and easier to identify the important constituent parts of calls without having to manually listen to entire recordings or search for the relevant sections. Users can click on particular words or phrases in a transcript to start playback at that point or listen to the whole recording. Clicking on any particular recording instantly locates other similar recordings.
Automated Speech Transcription also provides organisations with the option to also check other communications channels including email, SMS and instant messaging.
The good news for organisations that are already PCI DSS compliant is that they will find it relatively straightforward to also achieve GDPR compliance. Those that are not should consider building a GDPR platform to comply with PCI DSS requirements to provide the best protection.
Is Compliance Optional?
GDPR applies to organisations regardless of size from international corporations to sole traders and failure to comply with this new regulatory environment will result in fines of 4% of global turnover. What is more, it is possible that larger corporate firms are likely to view smaller suppliers as an unacceptable risk if they can’t demonstrate the control over data processing required to be compliant with these new regulations.
Organisations can’t afford to ignore GDPR and need to start taking steps towards compliance as soon as possible.