The importance of security and GDPR to the digital customer experience
Thanks to the rise of digital channels, brands now possess large amounts of personal data on their customers. Often this is used to provide a more personalized service that better meets consumer needs. However, protecting this sensitive information is obviously vital if brands are to build consumer trust, meet regulatory requirements, protect their brand and retain customers. As cases such as the recent hack at Equifax demonstrate, security breaches are extremely costly to reputation, stock price and in legal terms.
As well as securing personal data, brands have a duty to use such information in ways that protect consumer privacy. This will be strengthened by the EU’s new General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. Covering every individual within the EU, it gives them new rights around how their data is protected and shared. Importantly, it applies to any company dealing with an EU citizen, no matter where the company itself is based. And the fines for non-compliance are potentially enormous – up to €20 million or 4% of global turnover, whichever is the higher.
GDPR gives consumers new rights over their data, as well as increasing regulations on companies. These include:
- The right to be forgotten, the ability to ask companies to erase all personal data they hold on an individual.
- Breach notification within 72 hours of a company becoming aware of a security breach.
- Privacy by design, meaning that companies should take privacy into account when designing new IT projects.
- Data Protection Officers (DPO). Companies handling large amounts of personal data will need to appoint a DPO to oversee data security strategy and GDPR compliance.
GDPR applies equally to organizations and their subcontractors, which includes software companies that provide solutions that store personal data.
As a leading provider of customer experience software in Europe, Eptica has always been focused on security and works hand in hand with its customers to ensure that personal data is protected and privacy safeguarded.
As part of this, our preparations for GDPR are on track, with the appointment of a Data Protection Officer already made and a full audit of our code against GDPR rules. I’ll provide an update as we get nearer the 2018 deadline, explaining how we are ensuring compliance for both ourselves and our customers.