Digital communication with your customers in light of the EU GDPR
Is it the calm before the storm – or a storm in a teacup?
Everyone in the field of digital customer communication – and we mean everyone – has their eyes on 25 May 2018, when the EU General Data Protection Regulation (GDPR) comes into force. This affects not only us, the people involved with digital customer communication. It concerns anyone who collects, processes or stores personal data. But let’s stay on topic.
Live chat and messenger-based commerce are particularly effective tools when it comes to improving the user experience in the digital world. Whether it’s an insurance customer receiving (better) advice to help her take out the right policy, or an electricity supplier’s customer finally being able to submit his service request to the right place, typically more than 85% of all customers are happy or very happy. And so are the companies. The increased revenue from loyal and satisfied customers is a worthwhile result.
But what happens to the insurance customer’s bank details and the electricity customer’s address? This is where the EU GDPR comes in, with a considerably increased level of protection for personal data compared to previous legislation.
Protection often comes from sanctions. In this case, the liability limits for companies that breach the GDPR are also many times higher. Every managing director must and should ensure, for their own sake, that the requirements of the GDPR are met. This applies to implementation within their own company (often difficult enough), and of course also to implementation at its service providers and partners. It may be a little reassuring to know that liability law no longer provides the only grounds for their managing directors to have an interest in ensuring that data processing contracts are compliant; now they can also be prosecuted directly by regulatory bodies and the courts. But only a little. And so we have to wonder whether what we are currently hearing about the EU GDPR is the calm before the storm – or a storm in a teacup? What questions will be asked by the public, regulators or competitors?
The GDPR calls for the rigorous implementation of a number of procedural requirements, from privacy impact assessments to records of processing activities, for every company that processes data.
Creating and filing rough descriptions in a one-off exercise is by no means sufficient. The GDPR requires that actions are continually scrutinised, measures adjusted, and documentation updated.
In any event, it is certainly advisable to establish the best possible level of data protection. This includes “privacy by default”, or generally avoiding the storage of unnecessary data. And complementing it is “privacy by design”, which means working in a planned and controllable way to avoid storing personal data while at the same time using desirable practices to store the data that is needed to conduct your business properly and successfully.
At optimise-it, we have been developing our software by these principles for years. Each of our customers can configure a defined level of protection for their customers’ data, and by doing so, precisely adapt to the needs of their business. We are of course working with a legal firm that specialises in privacy law, and with our data protection officer, to implement the requirements of the GDPR.
All measures are transparent and documented, and our professional staff are available for our customers to contact directly. We believe that in this way, we are making an integral contribution to our customers’ privacy management.
Sound good? It is. Why not talk to me about it!