Helping customer service become GDPR compliant

The EU General Data Protection Regulation, GDPR, is set to come into force on May 25th 2018. It’s legislation that grants and protects the rights of individuals - our customers and their customers as well - in regards to how their personal data is collected and processed.

Since customer service agents work with personal data every minute of every day, GDPR will have a huge impact on the operation of most call and contact centers. In most companies supporting technology needs to be reviewed, data flow mapped, new processes will have to be instated and agents trained.

As a vendor of customer service technology that helps businesses talk to and store their customers’ data we are fully committed to not only be GDPR compliant ourselves, but also help you get there.

Does GDPR affect me?

Most likely yes. If your company processes the personal data of people (data subjects) residing in EU you’re affected. It doesn’t matter where the processing itself takes place; even if both your company and servers are based in the US - or anywhere else for that matter - you’ll still be affected.

So, what’s all the fuss about? Well, let’s have a look.

New rights of data subjects & what we’re doing

We’re building new features that will enable you to comply with your customers’ GDPR-related requests, most notably the right to be forgotten and right to access their data.

The right to be forgotten

Data subjects will have the right to have their data deleted - and be effectively forgotten - upon request. To handle this we’re implementing a feature that irreversibly anonymizes a contact’s details. In other words we won’t delete the data, which will still be there for reporting purposes, but anonymize it in a way that makes it impossible to trace any interaction back to the data subject who also will no longer be identifiable.

As a part of this, we’ll also be able obfuscate the content of emails & chats as well as delete voicemails & call recordings as these will often contain the exchange of personal data.

We expect anonymization instead of deletion to become the industry standard as it retains all the stats that a contact center needs for reporting purposes.

The right to access & data portability

In short, customers can request access to all their data, which will include data stored in Dixa. Businesses are required to deliver these in an electronic format, and data subjects may pass this on to other companies.

Please be aware that when you get such a request, you will have to state where and justify why you collect and process their data.

We got a request - what do we do?

Just send us an email on in which you clearly identify the contact and nature of the request. We’ll take care of the rest :-)

New terms & conditions plus a data processing agreement are in the works

UPDATE, May 24th: We've updated both our Terms of Service and our Privacy Policy as well as sent out data processing agreements to all paying customers' billing email addresses.

Very soon we’ll be updating our T&C to comply with GDPR ourselves, and we’ll have a data processing agreement (DPA) ready to sign upon request for those customers who  need it.

In conjunction with the T&C update we will also be collecting express consent to process our customers’ data, which is another requirement of the GDPR.

Consent & call recording

While many countries have demanded that people be informed when recorded, now GDPR requires the express and informed consent in the form of a positive opt-in of each individual. This is a pretty big change. How you go about getting consent isn’t up to us, but we thought we might give you a tip for call recording specifically.

You can build an IVR into your call flow that has a two-way split: One to a queue without call recording, and one to the same queue with call recording. Inform customers correctly in the IVR announcement and you will have obtained the required consent for recording.

I have questions - who do I contact? That’ll be Jacob

We’ve appointed Jacob Vous Petersen, our CTO and co-founder, as Data Protection Officer. It’s his job to oversee our data management, including the data flow and processing of, well, everything.

You can get in touch at