2. Topic
• Why do non-European regions matter?
• Which industries should prepare?
• What should be prepared?
Eugene Lee / eugeneleework@gmail.com 2
3. Why do non-European regions matter?
• Because…
• European citizens, including those who travel or work outside the EU
• Personal data “travels” around the world
• Organization is the “Controller”
• The controller is responsible for data security
• even when outsourced to a 3rd party
• Customers also know their own rights
4. Which industries should prepare?
• Industries that provide services to individual customers
• Whoever has “individual member data”
• Financial services
• Insurance
• Call Center
5. Call Center - I
• Justify the requirement to…in the first place
• People who are involved MUST give consent to be recorded
• Recording is necessary for
• Protect the interests of the individual
• Public interest for official authority
• Legitimate interests and Legal Requirement
• Fulfilment of a contract
6. Call Center - II
• Right to be forgotten
• Data transfer, Visibility and Access to registered data
• Where the data is stored, relevance, accessibility (how individuals can maintain their personal data)
• Beyond the card data
• PII such as Personal, Customer and Employee data
• Legitimate Contact
• Privacy Shield and GDPR contact of authority
7. What if we are PCI DSS certified?
• Encryption, Auditing, Logging, Monitoring
• Analyze the flow of data
• Capture and analyze customer interaction
• Annual Reviews of the processed card data
8. What should be prepared?
• Processing Flow and Method of personal data
• Include Employees, Customer, and Sales Contacts
• Consent Page for new and existing individuals
• Include actions to take before recording
• IVR and/or CRM systems
• Support self-service access/approach?