Data Transmission Compliance
The General Data Protection Regulation (GDPR) is designed to protect the privacy of European Union (EU) residents with a focus on the export of personal data. In order to meet these regulatory requirements, organisations are now faced with the need to implement workflows & processes that support the proper handling of customer data. With over 18 years of experience in enterprise case management, iCasework’s solutions place a strong emphasis on the management of data in terms of security and transmission. Our Case Management Platform is specifically designed to empower organisations to effectively address the demands of GDPR and its compliance implications. A specific feature of our Casework Management Platform, in line with the intent of the GDPR, is the secure transmission of data between organisations and their customers.
Importance of Communication
GDPR-friendly case management is characterised by workflows that are intuitive while remaining secure. This can pose a challenge, as constant back-and-forth communication plays a vital role in every case’s lifecycle. For example, when a customer exercises their GDPR-granted right to modify their private data, each party needs to fulfil their responsibilities in terms of:
- Identity verification;
- Providing information on request in a timely manner;
- Confirmation of all actions taken;
- Internal reviews, analysis and validations; and,
- Sharing confidential content, often between several recipients.
All of these responsibilities require communication between compliance-minded organisations and their customers. Critical vulnerabilities arise when sensitive communication takes place in an insecure environment, such as via third-party e-mail clients. In fact, the sending of private data over any insecure channel poses an immediate risk to all stakeholders. When developing our GDPR-focused Case Management Platform, we realised that this issue would play a pivotal role for organisations that need to balance regulatory compliance with easy-to-use security features.
To facilitate customer security, Civica's Case Management Platform takes a self-contained approach to data security. Key features that support this initiative include:
Integrated Communication
All communications between your organisation and your customers can be performed directly from the Case Management Platform environment. Customer records, which can include a wide variety of configurable data fields, are associated with cases and are likewise tied to all communications. Frontline staff and case handlers simply need to follow the recommended tasks which include the sending of messages to your customers; these messages are template-based, pre-populated with case-related content and can be sent securely.
Secure Transmissions
Keeping in mind the origin of GDPR, which is focused entirely on the sharing of private data, Civica's Case Management Platform features a “Send securely” option for all customer messages. This system is designed to keep all customer data within the safe confines of the Case Management Platform. Your customer’s sensitive data stays within the system at all times.
The Send securely feature ensures that all customer communications are stored in, and are accessible from, the Case Management Platform environment. When an employee completes a customer message, including selecting any attachments, they simply need to tick the Send securely checkbox. Doing so creates a unique password which is sent as an SMS message to the customer’s mobile phone; in parallel, an e-mail is sent to the customer informing them that they have received a message from your organisation. This e-mail includes a URL link that, when clicked, takes the customer to the secure Case Management Platform environment where they are prompted for the password previously sent to their mobile phone. After entering the password, the customer can view your confidential message which may include sensitive information, such as customer data, attachments, recordings, personal data and so on. The end result is customer interactions that protect your customer’s private data, which is consistent with the intent of the GDPR. By centralising all content within a singular environment, and securely controlling access, your organisation can avoid the risk of compromising data transmissions while remaining GDPR compliant.
Civica's Case Management Platform tracks & records activities for both compliance purposes and to facilitate intuitive and straightforward workflows. In addition to a “What next” panel, which displays a progressive list of tasks that support your workflows, a “What’s done” panel provides an immediate retrospective into actions previously undertaken. Recorded actions include the use of all messaging features, such as secure e-mail passwords sent via SMS and communications sent in relation to GDPR consumer rights. Case handlers have a wide range of actions they can take, including:
- Determine whether a customer message has been opened or not;
- View sent messages;
- Coordinate with calendaring functionality for scheduling; and,
- At-a-glance date & time stamp display for all completed tasks.
In addition, all new cases are immediately assigned a unique reference number. This number is automatically inserted into the subject line of new e-mails. When a customer sends a reply, the system recognises the code and associates the message with the customer’s case file. From a management perspective, this means that all messaging is automatically associated with its respective case.