This regulation was created to protect the personal data and privacy of individuals in the UK and EU.
GDPR (General Data Protection Regulation).
Before accessing or updating sensitive information, you must do this.
Authenticate the caller.
GDPR requires organisations to do more than follow the rules; they must also do this.
Demonstrate compliance.
When a customer asks, “Can I see what data you have on me?”, they are attempting to exercise this specific GDPR right.
Right of Access.
One consequence of a minor compliance breach may be this.
Verbal or Written Warning.
In the context of GDPR, this term refers to the individual customer or person whose personal data is being collected, used, and stored.
Data subject.
GDPR requires associates to access only the information needed for the task. This principle is called:
Minimization.
This assessment may be conducted when a processing activity presents a privacy risk.
Data Protection Impact Assessment (DPIA).
This right enables a customer to demand that an organization fix or update incorrect data, such as a misspelled legal name or an outdated billing address.
Right to Rectification.
A serious breach, such as unauthorized access to customer data, may result in this process.
Disciplinary Hearing.
Every time you take a customer's name, address, or payment information, you are doing this.
Processing personal data.
When stepping away from your workstation, GDPR best practice requires you to do this.
Lock or log out of your computer.
GDPR requires organizations to keep these to demonstrate compliance.
Records of processing activities.
Commonly known as the “right to be forgotten,” this allows a customer to legally demand that their personal data be entirely deleted under certain conditions.
Right to Erasure.
A severe or intentional data breach may result in this employment outcome.
Termination of employment.
This principle requires organizations to demonstrate active compliance through measures like maintaining processing records, implementing security, and regularly training staff.
Accountability Principle.
Customer data should only be used for this.
Its stated and authorized purpose.
Under GDPR, data breaches that meet reporting requirements must generally be reported within this timeframe.
72 hours.
This is the total number of key legal rights the GDPR framework grants individuals to control how their personal data is captured, moved, and processed.
Eight (8) key rights.
Beyond regulatory fines, this represents the ultimate existential business threat to a South African BPO if a client conducts an audit and finds severe or repeated compliance failures.
Loss of the client contract.
Name five types of personal information commonly handled by contact centre associates.
Names, addresses, phone numbers, dates of birth, account details, and/or payment information.
Name three secure practices that help prevent data breaches.
Locking screens, using secure systems, authenticating callers, masking data, never sharing passwords, and reporting suspicious activity.
Name three examples of accountability measures required by GDPR.
Staff training, encryption, access controls, DPIAs, breach reporting, and record-keeping.
When a caller states, “I don’t want you to use my data for marketing anymore,” they are invoking this specific right to halt active processing.
The Right to Object.
Under GDPR, organizations can face fines of up to this amount.
€20 million or 4% of global annual turnover (whichever is higher).