GDPR for the collections industry: 7 pillars of compliance
Long-awaited and much-discussed, the EU General Data Protection Regulation (GDPR) is finally here. The legislation comes into effect on 25 May 2018 and is designed to significantly increase personal data protection for EU citizens. As well as elevating protection for individuals, it imposes far harsher penalties on those in violation of the rules. So, collections firms must ensure their data policies are up to date.
Several areas apply to the whole organisation, such as giving customers details about how you are using consumer data in a way that is easy to understand, transferring data to another party on a customer’s request, and notifying customers and authorities of breaches.
QUALCO has also identified seven pillars of compliance that specifically affect the collections industry:
The transfer of data to third parties
Removal and deletion
Right to restrict
Data portability and the right to data access
QUALCO Collections & Recoveries manages accounts at all stages of the delinquency lifecycle and the system is fully adapted for GDPR. Here is a checklist of capabilities you need to ensure you have covered:
1. Data Transfers to 3rd Parties
Ensure third-party suppliers adhere to the legislation
Use a secure network for data exchange
Ensure sensitive data is not shared
Monitor password policies and authorisations.
Obtain valid consent from individuals. Silence, pre-ticked boxes or inactivity no longer count
Keep records to demonstrate consent has been given.
3. Records of Data Processing: Auditing
Keep records of data processing activities
Make it clear what, where, how and why data was processed
Make records available to the supervisory authority on request.
4. Removal and Deletion: Data Pseudonymization
When required, ensure all traces of personal information are wiped from your systems
‘Pseudonymise’ account and customer-level information.
Make sure staff can access no more than the data needed to do their jobs
Invest in technology that helps better manage access to data.
6. Right to restrict
Systems must include the ability to suspend or cancel the management of a case
Create an area where data cannot be accessed while in restriction
Record these processes for GDPR monitoring purposes.
7. Data portability & the right to access data
Export personal data speedily and effectively if the customer seeks access
Include identity information and digital attachments such as credit agreements
Record access for GDPR monitoring purposes.
QUALCO Collections & Recoveries is configured for all these eventualities and offers a smooth transition process for those concerned with the requirements of GDPR. That means collections teams can focus on their core business, safe in the knowledge they are meeting their obligations.