How Consumer Rights are Changing Customer Engagement

How Consumer Rights are Changing Customer Engagement

Kayleigh Reid

15th March 2021  |  Customer engagement

The world of customer engagement has rapidly changed over the past year, with businesses navigating the unpredictable landscape of consumer behaviour during a global pandemic; and those who chose to quickly adapt have generally managed to weather the storm. 

When the average consumer’s behavior is predictable and stable, reimagining a customer strategy is challenging enough, but when every day life changes at a rapid and radical pace, it can almost seem impossible.

Combining consumer behavior changes with the evolving world of consumer rights, business leaders are not only forced to re-think digital transformation agendas but also ensure that the evolving regulations of consumer data and business cyber security are adhered to. 

How THE contact centre is central to meeting consumer rights

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). But what does this mean for contact centres, and for the average consumer receiving calls or communicating with a business?

Over the past few years, the online customer market has drastically changed, with consumers demanding more transparency over the privacy of their data and personal information. Consumers want to have more control of when they are contacted by having an opt-in or opt-out options, they want to know how someone got their information, and that  any information they have shared is stored securely.

The GDPR has strict rules called data protection principles which ensures information is used fairly, lawfully, and transparently across businesses in the UK and Europe. The penalties for not adhering to these laws are hefty, and come at a cost of 20 million Euros or 4% of the global turnover of companies, whichever is greater!

Under this act, any consumer has the right to find out what information the government or other organisations has stored about them.

Current Challenges Contact Centres Face 

Contact Centres are on the front line when it comes to handling customer information, so it is of paramount importance that they follow  all consumer laws to their full extent.

What are some of the challenges contact centres face when following the GDPR law? 

Customers’ information is now scattered everywhere and businesses now hold the legal responsibility of keeping this information up to date and secure. Omnichannel engagement is a strategy that many organisations are implementing, which allows businesses and customers to communicate across various channels and securely share their information. Data is shared through text, telephone, email, webchat, and social media. In addition,  some calls are recorded, with information being stored in the cloud.

Things have changed drastically over the years and the new benefits of GDPR mean that consent is paramount. GDPR provides maximum importance to consumer consent. Companies need to be explicit about the type of data that they will collect as well as how they will process it. At Connex One, when dealing with consumers making payments over the phone, the recording function is temporarily stalled, allowing for full privacy and maximum security.

Another successful milestone for GDPR is that it provides consumers with the right to be forgotten. For example, when a consumer shares their credit card details with a company today, they can at a later stage request them to delete the information or their entire account. This was not the case before the GDPR laws were implemented.

Because contact centres are on the front line when it comes to the GDPR law, it also means they are forging the way when it comes to improving these laws and going the extra mile for their customers. So why is it so important that consumers know how their data is being stored, and which organisations are doing more to ensure this?

Below we explore some changes your business can implement to ensure best practices and adherence:

Make sure the organisation has a specific person dedicated to monitoring the GDPR compliance laws

These new data norms expect companies to appoint a dedicated GDPR officer who will be responsible for following all compliance norms. The laws continuously change, and you need to be able to keep up. If your organisation is operating in multiple countries, that means you have to adopt a global compliance approach and adhere to every country’s law. 

At Connex One,  our dedicated Global Compliance Director Beth Longthorne ensures consistent compliance with the up-to-date latest legislation and regulations regarding data and processing information, not only in the UK but globally, as the business has a global client base. 

All businesses that operate across different countries must be aware of and review data localisation laws and remain on top of the varying consumer rights from country to country and state to state. “We are currently reviewing the trade deals in relation to Brexit and whether an adequacy decision will be adopted, or where the bridge ends in regards to customer data”, says Beth Longthorne,  Global Compliance Director at Connex One.

Does the organisation have internal controls?

There are several internal controls an organisation can implement to ensure you are managing obligations, complying with data protection acts, and protecting personal data.

Using IS0 27001

ISO 27001, is the international standard for an ISMS (‘Information Security Management System) specifies the requirements for – and provides guidance for establishing, implementing, maintaining, and continually improving – a PIMS (Privacy Information Management System) based on the requirements, control objectives, and controls in ISO.

Companies that utilize ISO 27001 can extend their ISMS to cover privacy management which includes data processing. It’s also a mechanism that can assist with protecting and managing all your organisations information through risk management.

By utilising ISO 27001 you can easily demonstrate that necessary measures have been taken to comply with the data security requirements of the GDPR, that all corporate information and intellectual property has been protected, consistently remain up to date on security threats, and ensure a culture of awareness is installed surrounding information security.

Having a Cyber Essentials Plus Certificate

Cyber Essentials Plus Certificate is a UK Government-backed scheme that will help you to enhance your businesses cyber security practises and protect your organisation against a variety of common cyber attacks. Utilizing the Cyber Essentials Plus certificate ensures a hands-on technical verification is carried out. By incorporating these measures into your organisation, you reassure customers that you are working to secure your IT against cyber attack, and establish a clear picture of your organisation’s cybersecurity level. Achieving this standard is also an important requirement for many businesses that work with Government branches or agencies. 

Implement Regular Organisation E-learning Modules

It’s important to find an organisation that empowers its employees with E-learning modules, especially on data protection and best practices for both internal processes and when working with customers.

One of the most preferred methods is a mandatory E-learning module with a  required test evaluation. This ensures employees understand the importance of confidentiality and integrity when handling customer data, as well as the significance of availability of the businesses network, software, and technologies.

Flexibility on Retention Periods

Do consumers really know for how long their data is being stored? It is important to understand for how long your data is protected and kept within an organisation. At Connex One, clients have the flexibility to dictate their retention periods which allows us to follow our client’s procedures and frameworks.  Connex One has also built in reminder features for renewing contracts and data permissions.

Ensuring your organisation is up to date on following GDPR laws is great for customer satisfaction rates and boosting the overall business reputation. Connex One is committed to consumer and client-data privacy/ security and we make sure our customer’s rights are always protected.

Logging Customer Communication Preferences

A great way to achieve customer satisfaction is to respect and adhere to customer communication preferences. This can be done in various ways such as logging preferences with Omnichannel functionality, opt-in options across online sign-up forms and integrating with existing CRMs for maintaining up-to-date customer databases. Empowering the consumer to own and act on their rights not only enhances business compliant measures, but overall, enhances transparency and trust amongst consumer and organisation.

ADHERING TO Consumer Rights without the hassle

Though businesses and their contact centres should strive to remain compliant, achieving various accreditations such as ISO and Cyber Essentials can be a lengthy process.

Connex One’s accreditations and certificates for Customer Data and Cyber Security

However, the task of meeting consumer rights regulations can be achieved more efficiently by choosing a supplier of contact centre software that is already thoroughly vetted, as this enables businesses to outsource the risk and assure the highest levels of security and compliance.

For more information on how Connex One can help your contact centre to meet privacy and data regulations, get in touch with our team at or request a free demo of our platform here.