The EU General Data Protection Regulation (GDPR) is the most significant development in data protection that Europe has seen over the past twenty years, and it’s now just two years away. The impending change in legislation will have a significant impact on the operations of any firm which collects personally identifiable information and wants to operate in the EU. A failure to comply will carry weighty penalties.
Despite the UK’s decision to leave the EU, businesses will still need to adhere to the same stringent set of laws if they want to trade with other European countries; there is no opportunity here to breathe a sigh of relief and assume that the regulations will no longer matter. In the words of the UK Information Commissioner’s Office, “for many organisations nothing will change. The GDPR will apply even when we leave”.
To do business with the EU, the UK will need data protection standards that are equivalent to the GDPR, and EU rules apply at least until Brexit happens and could remain in place afterwards. So what will the legislation involve, what are the risks, and what can companies do now to lay the groundwork to make sure they are ready?
Any company that takes sensitive data over the telephone needs to make sure it knows all the facts about the new regulation and how it could affect its organisation. Businesses that handle ‘significant volumes’ of data will have to appoint a Data Protection Officer to oversee data handling and security, and report to a government body.
The new regulation will also place third-party data processors under scrutiny and hold them financially responsible for any breaches. This is an enormous incentive for security companies to gain all the necessary industry certifications.
Failure to comply could result in fines of up to 4% of global turnover or €20 million (whichever is the greater) depending on the severity of the breach and whether the offending business can prove there were initial measures in place to protect customer data.
On top of the official fines, firms might be ordered to pay customers damages in the event of data loss or theft. While the financial penalties alone could obviously prove devastating for companies, a data breach will come with additional consequences, including the loss of trust, falling stock prices and impact on staff.
Secure payments specialist Semafone conducted research which has shown that 86% of people would be hesitant to do business with a company that had suffered a security breach.
Tim Critchley, CEO of Semafone, said: “Clearly, the risks associated with GDPR go far beyond the financial penalties. The reputational damage from a data breach can be huge and incredibly harmful for brands; this issue is a touchstone for consumers who want to know that their information is safe. Despite this, there is a significant lack of awareness among many of those businesses that will have to comply with the GDPR. Worryingly, a large number appear not to know what they will have to do to avoid fines.”
“With that in mind, companies should be preparing now to make sure they have systems in place to meet this stringent new legislation. In our view, the absolute simplest way to do this is to explore secure payment solutions.”
Many firms are already taking advantage of technology such as the patented payment method offered by Semafone. The Semafone solution prevents personal data from entering a company’s internal contact centre systems, which means that, in the event of a data breach, the data is not held and, therefore, cannot be exploited.
Not only does this protect against fraud and the associated reputational damage, it also ensures compliance with industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS). The software uses masking technology which allows customers to type their sensitive details, including payment card numbers, bank details or other personal information, directly into the keypad without having to worry about them being overheard or stolen.
It also means customers can stay in constant contact with customer service agents during the entire transaction, which can help deliver the level of personalised service that today’s customers expect and improve satisfaction rates.
Secure payment technologies can create highly effective and efficient ways of taking away the significant risks associated with the collection of customer information. Their introduction can help bring businesses up to code when it comes to the new GDPR. Now is the time to get these systems in place if companies are to be confident of their data protection systems when the legislation comes into force in May 2018.