With February in full swing, the May deadline for GDPR compliance is fast approaching. This means that any business dealing with EU data is now scrambling to work out what they need to do, and what changes they need to make to the business to be compliant. In the process, many have been investing a significant amount in renewing their IT systems for security, hoping that will solve the majority of their compliance issues. But the truth is that GDPR doesn’t just affect your IT systems. It impacts the way you handle customer data at every stage of business, including payment and debt collection processes. Which begs the question, how do businesses manage their customer payment tracking and debt collection processes in line with GDPR policies.Consent Based Data ProcessingThe single biggest change from a customer’s point of view is the fact that the handling and processing of customer data will shift to a more consent-based model. This means that the individual will have much more control over what happens to their data and how it is used. When it comes to debt collection and similar services, such as tracing customers, the industry is facing some challenges. In order to ensure business can still claim money owed to them, while also protecting customer data, businesses need to work more effectively together to ensure that data is shared and used responsibly for mutual benefit. What we don’t want to happen is for the debt collection process to become any more complex for customers. So businesses need to communicate effectively about the benefits of sharing data, so that customers can make informed choices about how much of their data is shared and for what purpose. This also means that businesses need to make sure their contracts are updated to include a provision for debt collection in customer data use, to ensure they don’t end up in trouble.The Role Of Data Protection OfficersNow more than ever, it’s essential for all businesses to have an appointed Data Protection Officer in place to oversee and manage all data issues. It is this person who will be in charge of making sure that everyone involved in handling and processing data is doing their job properly at every stage of play.Under GDPR, there are 2 types of data processing to manage:Data Controller: Article 4 (7) of the Regulation says – “Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others determines the purposes and means of the processing of personal data.” In practice, this means the organisation responsible for making decisions about personal data – the business itself. For example, when a bank needs to open a new account for a customer, they will need to collect data, and this would be done in their role as a data controller.Data Processor: Article 4 (8) of the Regulation says – “Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” The most typical examples of a data processor would be companies providing outsourced services – such as HR, accounting or even debt collection. By working with the company, the outsourced provider will be dealing with or storing personal data in accordance with the instructions of the controller.When it comes to tracking payments and moving on to debt collection, both roles will be involved. In order to track which of your customers have paid and which haven’t, your business will be fulfilling the role of data controller. If you then outsource any element of the process – from creating invoices all the way through to collecting payments and initiating third party debt collections, you will also be employing a data processor. This means that in order to manage customer payments effectively and in accordance with GDPR, your business will need to appoint a Data Protection Officer to oversee the process and provide guidance.At Debtcol, we will be operating as a data processor for our customers, and as such will have our own Data Protection Officer in place. We view the privacy of our customers data as the most important part of our business, and will be working with our customers to ensure all GDPR processes are followed for all of our services, from outsourced debt collection to forensic investigations. To find out more about how GDPR will affect your debt collection process, or if you just want to ask us a question, just get in touch with us today.Share Useful links to related information A Beginners Guide To Debt Collection A Glossary Of Legal, Financial And Insolvency Terms The Cost Of Collecting Late Payments For Businesses Understanding Credit Scores Forensic Account Analysis – What You Need To KnowBACK TO IN THE PRESS