GDPR for the collections industry: 7 pillars of compliance


Long-awaited and much-discussed, the EU General Data Protection Regulation (GDPR) is finally here. The legislation comes into effect on 25 May 2018 and is designed to significantly increase personal data protection for EU citizens. As well as elevating protection for individuals, it imposes far harsher penalties on those in violation of the rules. So, collections firms must ensure their data policies are up to date.

Several areas apply to the whole organisation, such as giving customers details, in a way that is easy to understand, about how you are using consumer data; transferring data to another party at a customer’s request; and notifying customers and authorities of breaches.
QUALCO has also identified seven pillars of compliance that specifically affect the collections industry:
  • The transfer of data to third parties
  • Customer consent
  • Auditing
  • Removal and deletion
  • Access controls
  • Right to restrict
  • Data portability and the right to data access
QUALCO Collections & Recoveries manages accounts at all stages of the delinquency lifecycle and the system is fully adapted for GDPR. Here is a checklist of capabilities you need to ensure you have covered:

1. Data Transfers to 3rd Parties

  • Ensure third-party suppliers adhere to the legislation
  • Use a secure network for data exchange
  • Ensure sensitive data is not shared
  • Monitor password policies and authorisations.

2. Customer Consent

  • Obtain valid consent from individuals. Silence, pre-ticked boxes or inactivity no longer count
  • Keep records to demonstrate consent has been given.

3. Records of Data Processing: Auditing

  • Keep records of data processing activities
  • Make it clear what, where, how and why data was processed
  • Make records available to the supervisory authority on request.

4. Removal and Deletion: Data Pseudonymization

  • When required, ensure all traces of personal information are wiped from your systems
  • ‘Pseudonymise’ account and customer-level information.

5. Access Controls

  • Make sure staff can access no more than the data needed to do their jobs
  • Invest in technology that helps better manage access to data.

6. Right to restrict

  • Systems must include the ability to suspend or cancel the management of a case
  • Create an area where data cannot be accessed while in restriction
  • Record these processes for GDPR monitoring purposes.

7. Data portability & the right to access data

  • Export personal data speedily and effectively if the customer seeks access
  • Include identity information and digital attachments such as credit agreements
  • Record access for GDPR monitoring purposes.
QUALCO Collections & Recoveries is configured for all these eventualities and offers a smooth transition process for those concerned with the requirements of GDPR. That means collections teams can focus on their core business, safe in the knowledge they are meeting their obligations.