Business Info - Issue 140

businessinfomag.uk magazine 34 GDPR ...continued There has been a marked increase in dedicated software security programmes to comply with GDPR’s ‘security by design’ clause. This may have been driven by fear of early sanctioning, but any programme that makes software engineering more secure can only be a good thing. Alongside this, we are now seeing Since GDPR came into effect, businesses have had to change processes to ensure their compliance with new regulations. Yet, voice- driven customer services remain an ‘elephant in the room’ for many businesses, exposing them to business risks. Whenever a customer calls a business, large quantities of personal data are collected.We willingly share credit card details in order to secure a restaurant booking.We discuss our health to reschedule a doctor’s appointment.We still provide responses to Know Your Customer (KYC) questions In GDPR’s first year, the regulation has introduced greater data hygiene into enterprises. Organisations have been forced to take a more proactive approach to protecting and managing the data of European citizens. In order to do this, they have had to ensure they have insight into the various data pools, often kept in different departments, and identify whether permission to use personally identifiable information (PII) has been obtained. In many cases companies have over- reacted and deleted entire data pools that did not meet the requirement of double opt-in consent, often due to a lack of understanding of how to treat the data pools correctly. Huge waves software security being discussed at board-level, whereas before it was treated as an exercise in compliance. Security is no longer seen as a ‘nice to have’, but a business-critical asset. GDPR has spurred legislators into action elsewhere. Across the US, France and the UK, we’ve seen 19 government bodies calling for better software to prove our identity before accessing telephone banking. However, we don’t know how this information is being stored and used. Under GDPR, consumers have the right to know and businesses are responsible for ensuring that all personal customer information is protected. This is where voice intelligence technology comes in. Powered by AI, it allows sensitive information, such as credit card details, to be collected securely and instantly verified outside of the main agent-customer conversation. Voice-to-text solutions, for example, can immediately take a phone call and of last-minute consent collection initiatives were started to gain contacts’ permissions. In many cases, these did not have the desired effect and led to databases being reduced considerably. Companies have had to put in place technology that helps them control and protect digital assets and reconcile the disjointed conversations between departments to produce the shared insight necessary to update an organisation’s security posture. Processes are now in place to manage the data more effectively, as companies have gained a better understanding of where they store PII and who has access to this – necessary to be able to comply with reporting requirements in case of data loss. Staff have gained a better level of governance. Recent knock-on effects include IoT software supply chain legislation in France and proposals to regulate IoT device security. This demonstrates a remarkable shift in outlook towards device and software security. convert it into an easily searchable digital form, with personal customer information blacked out via a process of data redaction, giving businesses an extra layer of protection in case of any hacks or data leaks. Perhaps, most importantly, speech analytics can be used to demonstrate compliance with GDPR, a crucial aspect of the regulation. Demand for voice-led customer service is only going to grow. If UK businesses want to remain GDPR compliant, while enabling growth and improving customer experience, they must focus on securing their voice- driven communications. understanding about the protection goals and measurements and we can expect future data collection to be based on the privacy by design concept. Implemented processes build the foundation to be able to report data losses. While GDPR has introduced greater data hygiene, it has also increased bureaucracy. A host of templates and forms have emerged to keep track of processes and prove compliance for the whole data management/ processing supply chain. So far, there is no standardisation in place to simplify these processes with unified templates, but pending certification processes based on article 42 of GDPR will introduce a voluntary process to assist in demonstrating compliance. GDPR and software governance Ilkka Turunen, Global Director Solutions Architecture at software governance and automation experts Sonatype, considers the impact of GDPR on software design GDPR and CRM Piergiorgio Vittori, Global Development Director at Spitch, a leader in AI-fuelled spoken language technology, points out the need to secure voice-driven communications GDPR and data hygiene Rainer Rehm, Data Privacy Officer EMEA at security as a service company Zscaler, looks at the impact of GDPR on data hygiene Ilkka Turunen Piergiorgio Vittori Rainer Rehm