The General Data Protection Regulation, better known as GDPR, is a regulation the European Union (EU) that will take effect on May 25, 2018. This is a new law on data protection and privacy for EU citizens. There are also many other privacy and data protection regulations including state, federal and international laws which already exist.
The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data in the digital single market. This applies to EU companies and to all companies around the world that collect personal data of EU individuals.
What happens if companies do not comply? Penalties for noncompliance are up to $23 million (€20m) or 4% of worldwide annual turnover (whichever amount is greater). There is also a tiered approach to fines. According to the GDPR website, “A company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.”
Five9’s technology platform processes the data of EU residents so Five9 is preparing to support the GDPR regulatory compliance requirements. Five9 is also requesting our customers, otherwise known as the data controllers, notify us of their EU processing activities so we can maintain an accurate report of processing activity as required by the GDPR.
Five9 is evolving and improving our Virtual Call Center service to offer feature required for our customers to comply with the GDPR regulation. Areas we have improved include: information security, breach management, content management, data visibility, individual data rights management, and records management.
Five9 is focused on providing services to our customers, which enable GDPR compliance.
For more information about the GDPR, refer to the EUGDPR website and its glossary.
Melinda Bas is responsible for Five9’s Compliance and Technology Risk Management Programs. Melinda leads Five9 audits and programs including the Virtual Call Center (VCC) annual SOC2 Type2 audit, the PCI DSS audit and the Privacy program currently focused on the European Union’s General Data Protection Regulation (GDPR). Prior to working for Five9, Melinda worked for multiple Industry Leaders in Technology including Oracle, Salesforce and Sun Microsystems. Melinda holds multiple industry certifications including iAPP CIPT, ISACA CISA, ISACA CRISC, and ISACA CISM. Melinda has a Bachelor Degree in Business Administration and Production Operations Management from California State University, Chico.
Call 1-800-553-8159 to learn more about Five9