The General Data Protection Law (GDPL) in Brazil and the General Data Protection Regulation (GDPR) in the European Union are landmark laws for the privacy and protection of personal information, aiming to give consumers rights over what, how, why and where their data is used and for what purpose by a business.
The leakage or inadequate treatment of information is permanent. It is the responsibility of a business to protect and properly manage that information in an uninterrupted and sustainable way. Compliance with GDPR and GDPL laws is crucial in customer service and support operations, which involve the daily handling of customer data. There are several steps an organization can take regarding service and support to help keep customer data secure.
The GDPL and GDPR are not impediments. Instead, organizations should use them as a reference to structure their technology architecture to provide security to their support services for users, partners and customers. To achieve this, GDPL and GDPR compliance must be part of the organization’s DevOps and technology governance structure and practice.
The first — and fundamental — step companies need to take is to establish a matrix of roles, boundaries, and responsibilities to determine access levels for each type of profile, which actions are allowed and which are blocked within the production environment. For this matrix of responsibilities, the focus should be to establish the smallest possible group of people with full access permissions.
Another necessary step is to design audit processes over the support environment in conjunction with DevOps and governance processes to ensure continuous control of access, permissions, and data flow.
The goal is to have a controlled cycle so that the organizations and their support partners act in accordance with the GDPL and GDPR, even in an environment of daily high data volume.
To get help with your support strategy, visit OSF Digital’s Support & Maintenance Services page.
