The world of customer engagement has rapidly changed over the past year, with businesses navigating the unpredictable landscape of consumer behavior during a global pandemic; and those who chose to quickly adapt have generally managed to weather the storm.
When the average consumer’s behavior is predictable and stable, reimagining a customer strategy is challenging enough, but when everyday life changes at a rapid and radical pace, it can seem almost impossible.
Combining consumer behavior changes with the evolving world of consumer rights, business leaders are forced not only to rethink digital transformation agendas but also to ensure that the evolving regulations on consumer data and business cyber security are adhered to.
How the contact center is central to meeting consumer rights
South Africa recently launched its new Protection of Personal Information Act (POPIA), which took effect on July 1, 2020, with a grace period of 12 months before enforcement begins.
The EU’s General Data Protection Regulation (GDPR) has become a global data privacy standard, and South Africa’s POPIA is the latest major data privacy law in the world to be modelled closely after it.
But what does this mean for contact centers, and what does this mean for the average consumer receiving calls?
Over the past few years, the online customer market has drastically changed, with consumers demanding more transparency over the privacy of their data and personal information. Consumers want more control over when they are contacted through opt-in or opt-out options, they want to know how someone got their information, and they want to know that any information they have shared is stored securely.
POPIA has strict enforcement measures which ensure information is used fairly, lawfully, and transparently. The penalties for not adhering to these laws are hefty, and come at a cost of up to R1 million.
Under this act, you as the consumer have the right to find out what information the government and other organizations store about you.
Current Challenges Contact Centers Face
Contact centers are on the front line when it comes to handling customer information, so it is of paramount importance that they follow all consumer laws to their full extent.
What are some of the challenges contact centers face when following the POPIA law?
Customers’ information is now scattered everywhere and businesses now hold the legal responsibility of keeping this information up to date and secure. Omni engagement is a strategy that many organizations are implementing, which allows businesses and customers to communicate across various channels and securely share their information. Data is shared through text, telephone, email, webchat, and social media. In addition, some calls are recorded, with information being stored in the cloud.
Things have changed drastically over the years, and the new benefits of POPIA mean that consent is paramount. POPIA protects both companies and organizations as juristic persons, whilst GDPR only protects living individuals. POPIA, however, only applies to companies or organizations located within South Africa, with the exception of entities that make use of automated processing means in South Africa, such as adtech and social media companies.
Companies need to be explicit about the type of data that they will collect as well as how they will process it. At ConnexAI, when consumers make payments over the phone, the recording function is temporarily paused, allowing for full privacy and maximum security.
Because contact centers are on the front line when it comes to the POPIA law, it also means they are forging the way when it comes to improving these laws and going the extra mile for their customers. So why is it so important that consumers know how their data is being stored, and which organizations are doing more to ensure this?
Below we explore some changes your business can implement to ensure best practices and adherence:
Make sure the organization has a specific person dedicated to monitoring the POPIA compliance laws
These new data norms require all companies and organizations to appoint an Information Officer, a role that is automatically assigned to the CEO and that differs in important areas from the GDPR’s Data Protection Officer. POPIA also requires companies and organizations to appoint a Deputy Information Officer.
The laws continuously change, and you need to be able to keep up. If your organization is operating in multiple countries, that means you have to adopt a global compliance approach and adhere to every country’s law.
At Connex, our dedicated Global Compliance Director Beth Longthorne ensures consistent compliance with the latest legislation and regulations regarding data and processing information, not only in the UK but globally, as the business has a global client base.
All businesses that operate across different countries must be aware of and review data localization laws and remain on top of the varying consumer rights from country to country and state to state. “We are currently reviewing the trade deals in relation to Brexit and whether an adequacy decision will be adopted, or where the bridge ends in regards to customer data”, says Beth Longthorne, Global Compliance Director at Connex.
Does the organization have internal controls?
There are several internal controls an organization can implement to ensure you are managing obligations, complying with data protection acts, and protecting personal data.
Using ISO 27001
ISO 27001 is the international standard for an ISMS (information security management system). It specifies the requirements for, and provides guidance for, establishing, implementing, maintaining, and continually improving a PIMS (privacy information management system) based on the requirements, control objectives, and controls in ISO. Companies that utilize ISO 27001 can extend their ISMS to cover privacy management, which includes data processing. It is also a mechanism that can assist with protecting and managing all your organization’s information through risk management. By utilizing ISO 27001 you can easily demonstrate that necessary measures have been taken to comply with the data security requirements of the GDPR and that all corporate information and intellectual property has been protected, consistently remain up to date on security threats, and ensure a culture of awareness is instilled surrounding information security.
Having a Cyber Essentials Plus Certificate
The Cyber Essentials Plus Certificate is a UK Government-backed scheme that will help you to enhance your business’s cyber security practices and protect your organization against a variety of common cyber attacks. Utilizing the Cyber Essentials Plus certificate ensures a hands-on technical verification is carried out. By incorporating these measures into your organization, you reassure customers that you are working to secure your IT against cyber attack, and establish a clear picture of your organization’s cybersecurity level. Achieving this standard is also an important requirement for many businesses that work with Government branches or agencies.
Implement Regular Organization E-learning Modules
It’s important to find an organization that empowers its employees with E-learning modules, especially on data protection and best practices for both internal processes and when working with customers. One of the most preferred methods is a mandatory E-learning module with a required test evaluation. This ensures employees understand the importance of confidentiality and integrity when handling customer data, as well as the significance of the availability of the business’s network, software, and technologies.
Flexibility on Retention Periods
Do consumers really know for how long their data is being stored? It is important to understand for how long your data is protected and kept within an organization. At Connex, clients have the flexibility to dictate their retention periods which allows us to follow our client’s procedures and frameworks. ConnexAI has also built in reminder features for renewing contracts and data permissions.
Ensuring your organization is up to date on following POPIA laws is great for customer satisfaction rates and for boosting the overall business reputation. ConnexAI is committed to consumer and client data privacy and security, and we make sure our customers’ rights are always protected.
Logging Customer Communication Preferences
A great way to retain customer satisfaction is to respect and adhere to customer communication preferences. This can be done in various ways, such as logging preferences with Omni functionality, offering opt-in options across online sign-up forms, and integrating with existing CRMs to maintain up-to-date customer databases. Empowering the consumer to own and act on their rights not only enhances business compliance measures but also enhances transparency and trust between consumer and organization.
Meeting Consumer Rights Standards without the hassle
Though businesses and their contact centers should strive to remain compliant, achieving various accreditations such as ISO and Cyber Essentials can be a lengthy process.
However, the task of meeting consumer rights regulations can be achieved more efficiently by choosing a supplier of contact center software that is already thoroughly vetted, as this enables businesses to outsource the risk and assure the highest levels of security and compliance.
For more information on how ConnexAI can help your contact center to meet privacy and data regulations, get in touch with our team at hellous@connex.ai or request a free demo of our platform here.