Data privacy really began in Europe in 1981, when the Council of Europe adopted the Data Protection Convention, rendering the right to privacy a legal imperative. In 1995, the European Data Protection Directive was published as Directive 95/46/EC, which obliged each member state to create its own legislation and infrastructure for regulating the collection and storage of, and access to, data held on individual citizens. Hospitals, banks and government departments were already practicing personal data protection and security, so personal data security and trust were nothing new.
This new 1995 directive had two main areas of weakness:
GDPR began rearing its head in April 2016 amongst the business community when it was adopted by the EU as Regulation (EU) 2016/679. This regulation matters because it covers the protection of natural persons of the EU (people who live there) and the processing and free movement of their personal data, and it has a far-reaching effect on how businesses and individuals work with personal data.
As the Controller (owner or collector of the data) and Processor (a person or company that handles the data on behalf of a Controller) of personal data, it was extremely important for VoiceSage to be able to demonstrate to its customers its capability of protecting its own data, as well as that of its customers.
It is therefore extremely important for VoiceSage to demonstrate its ability to identify, manage and reduce the information security risks to protect its information and personal data assets.
It is any information relating to an identified or identifiable natural person (Data Subject). The GDPR clarifies this further:
“An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Under the new regulations, it’s up to the organization using the data to prove that they are doing so legally. Much discussion around the GDPR cites explicit consent as necessary for any use of personal data. Consent is only one of many requirements. Five of the most important being:
With the growing prevalence of information security threats to businesses and individuals, VoiceSage began the ISO27001:2013 security journey in October 2017 and decided to combine the implementation of this certification with attaining GDPR compliance, and to work towards other certifications as required.
VoiceSage attained ISO27001 certification in February 2018, which emphasises the fact that VoiceSage has clear and efficient policies and procedures, combined with a high level of security infrastructure, in place to protect the personal data it processes and the people it employs.
While no technology or system is immune to the data ‘terrorists’, VoiceSage has procedures in place to act quickly and efficiently on detection of a data breach.
Further, VoiceSage has implemented a continuous improvement culture amongst its staff for upskilling in Internet and data security, and this culture is also embedded in the work we do.
ISO27001 and the VoiceSage staff are the keys to ensuring the Confidentiality, Integrity and Availability of a Data Subject’s data at VoiceSage.
VoiceSage is GDPR compliant, as we have implemented the additional policies, procedures and staff training that are required on top of what was required for achieving our ISO27001 certification. Once GDPR certification is available, VoiceSage will apply for certification.
Our policies and procedures (say what we do and do what we say) are instrumental in providing our customers, staff and suppliers with the knowledge that VoiceSage has implemented and is able to demonstrate its abilities as both a Controller and Processor of personal data.