But what’s staggering is the number of business owners are still in the dark over what GDPR is, and what it means for their business. And while most believe that GDPR will only impact their IT systems, the fact is that GDPR affects every aspect of your business, including how you handle late payments and debt collection.
What Is GDPR?
What is this big bad acronym that has business owners panicking like this? GDPR stands for General Data Protection Regulations, and it’s essentially the EU’s answer to the Data protection Act. However, unlike previous EU directives (which countries can choose to implement or not, and how), this is a regulation. This means it will apply to all EU countries in exactly the same way. It also reaches outside of the EU to any organisation that handles EU citizen’s data, regardless of their location in the world. The regulation is actually already in place – we are partway through a transition period that allowed businesses to get their house in order before the regulation comes into effect on the 25 May 2018.
The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance.
What Does This Mean For Debt Collections?
Data is the lifeblood of the collections and recoveries process. When businesses hire us in to help them with collections, they hand us data on the customer so that we can do our job properly. Similarly, when they start the collection process in-house, that data is used in a different way to its original intent - an area that GDPR is very specific about.
With so much emphasis on data privacy, it’s important to understand how GDPR will affect your collections process. If you are handling late payments and debt collections internally then it’s simply a matter of understanding how the customer data flows throughout your business, identifying at what point it should be destroyed and creating documentation to support it. This is called a document lifecycle diagram - it starts at the point that the data enters your business, and ends when the data is no longer needed and can be destroyed. But rather than putting the destruction point as ‘once delivery is completed’, for example, we recommend you designate data destruction to happen after payment has been received from the customer in full, to allow you to keep the data you need to retrieve payments.
If you outsource your debt collections, then there is an extra step to consider. In this scenario, you will be releasing personally identifiable data to a third party for collection- which means you need consent from the individual in order to do that. Since getting their consent at the point you need it might be difficult, you may need to introduce a debt collection rights clause into your contracts, terms and conditions. This means that by working with you, your customers agree to have their information passed on to a third party debt collection agency in order to settle their accounts. It’s important to remember that you will need to pass this by a lawyer and GDPR expert to ensure you’ve covered all of your bases.
At Debtcol, we understand the enormous range of changes that businesses are going through to get ready for GDPR. After all, nearly every element of your business will be affected by GDPR, which means you need to spend more time working on your compliance, and less time worrying about collecting late payments. At Debtcol, we pride ourselves on our professionalism, efficiency and security, ensuring your customers data is treated with respect and security at all times. For more information on how we can help you reduce late payments and collect on overdue accounts during the GDPR transition, just get in touch with one of our expert team today.