Subscribe
  • Home
  • /
  • CX
  • /
  • POPIA: Is your contact centre compliant?

POPIA: Is your contact centre compliant?


Johannesburg, 29 Oct 2021

The Protection of Personal Information Act (POPIA) is now in full effect in South Africa and, after all the preparations and announcements, can you strongly agree that your contact centre is compliant? If not, you may end up in serious trouble with the law.

Most of us can agree that POPIA has the harshest effect on the contact centre industry mainly because few organisations deal with as much personal information as contact centres.

Whether they deal with sales, debt collection or general customer outreach, contact centres need to have as much relevant information as possible about the people they're contacting. It is therefore pivotal that they pay extra care when ensuring that they’re POPIA compliant.

It is essential to remember that POPIA is there to encourage the flow of information utilising secure protocols and ensuring responsible use, which aligns with the constitutional right to privacy. Call centres are only allowed to use data for the purpose for which it was collected.

They’re not allowed to contact consumers for any reason other than that for which they have given consent. If a customer requests to be taken off the call centre’s database, the entity involved is obliged to do so immediately.

More about POPIA: https://popia.co.za/

Now, what can you do to ensure that you are compliant?

  • Obtain legal advice:

To fully comply with the law, you need legal advice. As a business, you need assistance with ensuring compliance with the legislations proposed by POPIA.

You need a legal team that will offer legal advice and identifying areas of your business that are non-compliant and seek to develop strategies to get you there, such as setting up contracts internally with staff as well as making sure that the communication has gone through to the clients correctly about POPIA.

  • Be mindful of access control:

This means that security measures such as encryption, firewalls, anti-virus, backups, disk encryption for mobile hard drives and devices need to be implemented. These all need to be in accordance with internationally accepted standards.

As ScopServ Integrated Services, we have ensured all our contact centre solutions are compliant globally. The myriad clients that use our systems need to rest assured that we meet all required criteria for POPIA.

  • Training for your contact centre team:

You cannot hope that your team can adequately protect customer data in line with POPIA  when they don’t have an accurate understanding of the data in their possession. As such, it’s important that you document the categories of data subjects within your company and describe the personal information that is processed for each.

Using the categories of data subjects you’ve defined, you can map the flow of personal information into, through and out of your business, including external parties that have access to that information.

It would also be helpful to appoint a data privacy team who will be responsible for reaching and maintaining POPI compliance. You can include representatives from each data subject category (including HR, sales and marketing) and from functional areas, such as technology, operations and information security.

Other factors to consider:

  • Ensure that your contact centre obliges to customers’ right to request deletion, correction or destruction of personal information.
  • Equip your contact centre workers for secure remote work.
  • Ensure that your data centre is compliant (from a security perspective).
  • Responsibly report any data breaches. 

Share