Over the last 20 years, technology has dramatically changed, particularly within the e-commerce sector. Proposals for new data protection legislation by the European Commission began in 2012, and the process should be completed by the end of 2015 ready to come into effect in 2017.
So, what has been changed so far?
The current legislation is a directive: it lays out guidelines, but each member state is free to decide how to incorporate them into its own national law. The new legislation is a regulation, which has binding legal force in every member state and will come into force on a set date.
The new regulations also contain major changes to the way in which companies should implement data security policies, stating that they should “implement technical and organisational measures to ensure a level of security appropriate to the risks” and that personal data should be encrypted, rendering it unintelligible to third parties in the event of a data breach. This raises issues when taking payments via the telephone as many organisations feel the need to record all calls for auditing and training purposes, as personal details like card numbers may be kept in these recordings.
Whilst the PCI Security Standards Council already covers this, the new EU legislation will give it further force in UK law. With its introduction expected in 2017, this is something all businesses should be looking into carefully to check that they are compliant.
Our ‘PCI Agent’ solution allows for your customers to benefit from a secure and unique transactional environment where they remain on the call, entering their own information, without being passed over to a separate payment IVR and (if required) recording the calls in a fully PCI DSS compliant environment. You can read more about it here.
To make an enquiry, or for more advice on compliance, please contact us today. Our experienced team are always on hand to help, whatever your question may be.