The General Data Protection Regulation (GDPR) is a relatively new directive from the EU that seeks to unify personal data security across all member states and in third countries that hold personal data on EU citizens. It will apply in the UK from 25 May 2018.
The GDPR was announced in May 2016 to give member countries a two-year transition period for compliance.
There is no period of grace for compliance with the GDPR beyond 25 May 2018, so companies and organisations throughout the EU should be preparing for its introduction now.
Despite the UK referendum vote to leave the EU, the UK government has confirmed that the directive will apply here – as it will in any third country that holds personal data on EU citizens.
In the UK, the policing of the GDPR and compliance with the directive will be handled by The Information Commissioner's Office (ICO), a non-departmental public body which reports directly to Parliament and is sponsored by the Department for Culture, Media and Sport. (See www.ico.org.uk).
Organisations and companies that already hold personal data will likely be doing so in compliance with the UK Data Protection Act (DPA) of 1998.
Many of the GDPR's main concepts and principles are much the same as those in the current DPA, so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from.
However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.
It is therefore essential, given the timescale to introduction, to plan your approach to GDPR compliance now and to gain 'buy in' from key people in your organisation. You may need, for example, to put new procedures in place to deal with the GDPR's new transparency and individuals' rights provisions.
In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications.
The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue.
One aspect of this might be to review the contracts and other arrangements you have in place when sharing data with other organisations.
High-profile breaches where external hackers have stolen or exposed stored personal data are common, but often the organisation whose data has been compromised is totally unaware that it has happened for weeks and months afterwards. The GDPR, however, places the responsibility on the data-controlling organisation to report any breach within 72 hours.
The penalties available to the ICO to impose on organisations that breach the GDPR directive are severe and include fines of up to 10% of the organisation's global turnover. For many companies such a fine would be a terminal event.
Now that the deadline is less than 12 months away, preparation for the implementation of the GDPR is paramount.
Ask yourself - is your organisation ready for it?
How can Oak Innovation help?
Ability to remove recordings for a specific customer phone number
The ability to remove specific customer records is crucial to compliance. Under GDPR regulations, a data subject has the right to have their personal data rectified or forgotten. Oak makes it easy to find and remove specific records.
All calls recorded on an Oak system are encrypted so they cannot be tampered with. Businesses are better protected from abuse and in case of customer disagreements. Stereo playback ensures perfect clarity as required by legal firms.
Store recordings for as long as you need
Oak systems can store a huge volume of recordings. Calls can be found using a wide range of criteria, for example date, time, extension, CLI, DDI, telephone number, user-defined flags or even customer reference if linked to a CRM system.