GDPR (General Data Protection Regulation) went into effect May 25, 2018, providing citizens living within the EU many new legal rights, aiming to increase transparency and provide greater control over their data. CSI is aware many of our partners and customers are concerned about compliance with GDPR. Efforts are in place to ensure Virtual Observer continues to assist in maintaining compliance within GDPR guidelines as well as PCI, SOC2, etc.
GDPR effectively strengthens the following data protection rights for individuals so they:
- know what personal data is being collected
- can access the data that a company holds
- can move personal data from one provider to another
- can rely on consent-based data rules
- can allow for data will be “forgotten” in certain circumstances
- Of note: Recent surveys showed that 92 percent of U.S. companies consider GDPR a top data protection priority
GDPR applies to all the organizations that are registered in EU or have an establishment or subsidiary in EU. It also applies to an organization which sells goods or services to citizens of the EU and process or monitor the personal data of EU residents. GDPR clearly defines the use of a person’s personal data as relating to an identified or identifiable natural person. The new law controls any information that can be used to identify somebody via direct or linked reference, including email addresses, phone numbers, payroll data, usage statistics, purchasing history, social security numbers, etc. The GDPR authorities will be able to issue fines of up to EUR 20 million or 4% of annual worldwide turnover, whichever is higher if there is a breach of terms listed by the authorities.
Virtual Observer, a WFO platform, is engineered to help our customers protect an individual’s data with enhanced security and many features, such as built-in 256-bit media encryption, optional LightsOut! for advanced security as well as additional available measures such as key encryption technologies, all of which can be leveraged by an organization’s efforts to comply with GDPR. CSI’s Virtual Observer allows users to annotate recordings, and provide a comprehensive audit log which tracks changes. Virtual Observer’s “LightsOut!” component also provides the ability to remove sensitive data from recordings, either manually via agent start/stop or automatically through API triggers.
Virtual Observer also supports the ability to capture what is needed (calls, screens, metadata, omnichannel events) and purge whatever is not needed. Recordings can be tagged manually or automatically to allow for reliable processing and removal. Platform access for Virtual Observer can be controlled through active directory authentication or SAML 2.0-based “Single Sign-On” and with standard cloud, local or archive storage options. Virtual Observer administration utilizes granular security controls which can be configured to support your retention policies. Our solution can be deployed within a customer’s infrastructure so it works within established access policies.
CSI has been supporting customers with the secure capture of communications for 45+ years. In recent years, compliance and regulatory requirements have become a top priority for our customers and we will continue to develop tools to assist in these regards. Combined with an extremely secure ability for Virtual Observer to export records, including all metadata, via API or through our prebuilt CRM connectors, your data is truly yours.