Post-GDPR, Semafone guides contact centres through new regulatory compliance landscape
Semafone is urging contact centres to be alert and aware of the long list of evolving international, federal, regional and state regulations in order to protect customer data, avoid fines and reduce the risk of a brand-damaging breach.
To jumpstart contact centres’ compliance efforts, Semafone breaks down the top regulations, laws and standards bodies to know.
“Contact centres handle, process and store vast amounts of personally identifiable information (PII), such as credit card numbers, social security numbers, bank account details, birthdates and addresses, making them prime targets for hackers and fraudsters,” said Tim Critchley, Semafone CEO. “With data breaches on the rise, compliance must be an integral part of any organisation’s security strategy – although that is often easier said than done.”
The challenge, according to Semafone, is the lack of a single, all-encompassing global data security and privacy mandate. While the European Union General Data Protection Regulation (EU GDPR) is a step in this direction – as it applies to any business that handles an EU citizen’s data, no matter where the company is located – organisations must still adhere to a patchwork of other regulations.
This becomes even more complicated when call recordings are involved. For example, the Payment Card Industry Data Security Standard (PCI DSS) prohibits the recording and storing of Sensitive Authentication Data (SAD) for credit and debit cards. Yet, in the U.S., the Electronic Funds Transfer Act (EFTA) requires the recording and retention of telephone conversations that authorize electronic funds transfers.