General Data Protection Regulation – GDPR


What is General Data Protection Regulation?

General Data Protection Regulation (GDPR) is a European regulation put into effect on May 25, 2018.

GDPR is a legal framework that sets guidelines for the collection and processing of personal data from individuals who live in the European Union. Although it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere in the world, as long as they target or collect information related to people in the EU.

What are the scope, penalties, and key principles of GDPR?

The fines for violating the GDPR are very high. There are two levels of penalties, which max out at €20 million or 4% of global revenue (whichever is higher), plus the compensation for damages that data subjects can seek. The rules included in GDPR are closely tied to a set of legal terms, which include:

  • Personal data: any information related to an individual that can help identify him or her directly or indirectly. This of course includes name, surname and addresses, but also gender, location information, political and religious preferences, biometric data, ethnicity, and pseudonymous data (as long as it is relatively easy to identify someone from it).
  • Data processing: any action performed on data, whether automated or manual. The actions cited in GDPR’s text include basically anything: collecting, recording, organizing, structuring, storing, using, erasing.
  • Data subject: the person whose data is processed.
  • Data controller: the person who decides why and how personal data will be processed.
  • Data processor: a third party that processes personal data on behalf of a data controller.

According to GDPR, any organization managing data of EU citizens must follow seven accountability and protection principles (see Article 5.1-2 GDPR):
    1. Lawfulness, fairness, and transparency — Processing must be lawful, fair, and transparent to the data subject.
    2. Purpose limitation — data must be processed only for the legitimate purposes specified explicitly to the data subject at the collection stage.
    3. Data minimization — the organization must collect and process only as much data as is absolutely necessary for the purposes specified.
    4. Accuracy — it must keep personal data accurate and up to date.
    5. Storage limitation — personally identifying data must be stored only for as long as necessary for the specified purpose.
    6. Integrity and confidentiality — any organization processing personal data must do so in a way that ensures appropriate security, integrity, and confidentiality, for example by using encryption.
    7. Accountability — the data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Why is GDPR so important in contact centers?

GDPR compliance is extremely important in contact centers. They have to review how data is stored and how it can be made accessible to customers, secure all personal customer information and employee data classified as Personally Identifiable Information (PII), and make provisions for customers' rights to be forgotten, to transfer their data, and to access any data registered about them. Mida UC applications are compatible with GDPR regulation. This compliance ensures complete data privacy for customers, as well as transparency in how their phone conversations are collected and stored.