Data Transmission Compliance
The General Data Protection Regulation (GDPR) is designed to protect the privacy of European Union (EU) residents with a focus on the control of their Personally Identifiable Information (PII). In order to meet these regulatory requirements, organisations are now faced with the need to implement workflows & processes that support the proper handling of customer data. With 20+ years of experience in case management, Civica’s solutions place a strong emphasis on the management of data in terms of security and transmission. Our Case Management platform is specifically designed to empower organisations to effectively address the demands of GDPR and its compliance implications. A specific feature of our Casework Management platform, in-line with the intent of the GDPR, is the secure transmission of data between organisations and their customers.
Importance of Communication
GDPR-friendly case management is characterised by workflows that are intuitive while remaining secure. This can pose a challenge, as constant back-and-forth communication play a vital role in every case’s lifecycle. For example, when a customer exercises their GDPR-granted right to modify their private data, each party needs to fulfil their responsibilities in terms of:
- Identity verification
- Providing information on request in a timely manner
- Confirmation of all actions taken
- Internal reviews, analysis, and validations
- Sharing confidential content, often between several recipients.
All these responsibilities require communication between compliant-minded organisations and their customers. Critical vulnerabilities arise when sensitive communication takes place in an unsecure environment, such as via 3rd party email clients. In fact, the sending of private data over any unsecure channel poses an immediate risk to all stakeholders. When developing our GDPR-focused Case Management Platform, we realised that this issue would play a pivotal role for organisations that need to balance regulatory compliance with easy-to-use security features.
Self-contained Security
To facilitate customer security, Civica's Case Management platform takes a self-contained approach to data security. Key features that support this initiative include:
- Integrated Communication - All communications between your organisation and your customers can be performed directly from the Case Management platform environment. Customer records, which can include a wide variety of configurable data fields, are associated with cases and are likewise tied to all communications. Frontline staff and case handlers simply need to follow the recommended tasks which include the sending of messages to your customers — these messages are template-based, pre-populated with case-related content and can be sent securely.
- Secure Transmissions - Keeping in mind the origin of GDPR—which is focused entirely on the securing the sharing of private data—Civica's Case Management platform features a “Send securely” option for all customer messages. This system is designed to keep all customer data within the safe confines of the Case Management platform. Your customer’s sensitive data stays within the system at all times.
Secure Messaging
The “Send securely” feature ensures that all customer communications are stored—and are accessible from—the Case Management platform environment. When an employee completes a customer message, including selecting any attachments, they simply need to tick the “Send securely” checkbox. Doing so creates a unique password which is sent as a SMS message to the customer’s mobile phone; in parallel, an email is sent to the customer informing them that they have received a message from your organisation. This message includes a URL link that, when clicked, takes the customer to the secure Case Management platform environment where they are prompted for the password previously sent to their mobile phone. After entering the password, the customer can view your confidential message which may include sensitive information, such as customer data, attachments, recordings, personal data and so on. The end result are customer interactions that protect your customer’s private data, which is consistent with the intent of the GDPR. By centralising all content within a singular environment—and securely controlling access—your organisation can avoid the risk of compromising data transmissions while remaining GDPR compliant.
Workflow Integration
Civica's Case Management platform tracks & records activities for both compliance purposes and to facilitate intuitive and straightforward workflows. In addition to a “What next” panel, which displays a progressive list of tasks that support your workflows, a “What’s done” panel provides an immediate retrospective into actions previously undertaken. Recorded actions include the use of all messaging features, such as secure email passwords sent via SMS and communications sent in relation to GDPR consumer rights. Case handlers have a wide range of actions they can take, including:
- Determine whether a customer message has been opened or not
- View sent messages • Coordinate with calendaring functionality for scheduling
- At-a-glance date & time stamp display for all completed tasks.
In addition, all new cases are immediately assigned a unique reference number. This number is automatically inserted into the subject line of new e-mails. When a customer sends a reply, the system recognises the code and associates the message with the customer’s case file. From a management perspective, this means that all messaging is automatically associated with its respective case.