How does the GDPR affect debt collection agencies?

Topic: Finance & DCAs

There are two key adjustments of which you need to be aware: transparency over customer data, and accountability.

The debt collection industry is already heavily regulated, for obvious reasons. But there’s a new guideline being introduced by the ICO from 25th May 2018 which adds another very important consideration to the list of your internal business costs and priorities.

What is the GDPR?

It’s the General Data Protection Regulation, and replaces the Data Protection Act of 1998, although a lot of the principles are the same.
There are two key adjustments of which you need to be aware: transparency over customer data, and accountability.
The GDPR ensures personal data is processed lawfully, fairly and transparently; taking care to explain to customers why you collect their data, what you’re doing with it, and what their rights are to manage the data you hold for them.
The accountability principle means you must be able to demonstrate compliance with the data protection principles – to show your workings, so to speak.

What does this mean in practice?

To put it into real terms, contacting someone to address their account is acceptable, but ringing them multiple times a day with misleading Caller Line Identities (CLIs) or no voicemail option isn’t.
The transparency check fails when the CLI is misleading, and the accountability check fails if you can’t prove that you have all of your dialling and outbound communication channels working in sync.
In an already crowded market full of rules and regulations, this isn’t one to ignore.
Getting this one wrong has serious implications on you and your business’s profitability to the tune of €10 million or 2% of your turnover – that’s your growth plans squashed by one (very big and costly) mistake.
We have a helpful guide to GDPR that may answer any further questions and concerns you have regarding customer communications and staying compliant.

Will Brexit impact the implementation of the GDPR?

The simple answer: no. The UK government has already confirmed this is to be rolled out irrespective of our EU status in the future.
Esendex’s top tip on this: plan your next budget talks and focus investments around ensuring this is met and tracked. Look at your existing contact strategy and understand how GDPR can be implemented AND monitored.

Your GDPR checklist (courtesy of Bird & Bird LLP):

  • Review your data protection policies, codes of conduct and training to ensure that these are consistent with the revised principles
  • Ensure that you have a paper trail of decisions relating to data processing so that you can ‘demonstrate compliance’ if required
  • Review and (where necessary) update existing information notices
  • Review the training provided to your customer facing agents; updates may be required to processes and procedures
  • Make somebody responsible for data protection compliance within your organisation
  • Audit existing supplier arrangements and update template RFP and procurement contracts to reflect the GDPR’s data processor obligations
  • Assess liability exposure under existing customer, supplier and/or partner arrangements.

Can we help?

We’ve been serving the collections and customer contact space for over 10 years. We’ve seen the way customers are interacting with you change, from the traditional high-cost agent on the door, to low-cost tech-savvy self-service channels.
We know what can (and can’t) be said and can work with you, collaboratively, to help build a robust contact solution fit for your needs. Here’s a quick overview of our communication solutions for financial services.

Author Avatar