December 2, 2021

Volume XI, Number 336

Advertisement
Advertisement

December 01, 2021

Subscribe to Latest Legal News and Analysis

November 30, 2021

Subscribe to Latest Legal News and Analysis

November 29, 2021

Subscribe to Latest Legal News and Analysis

Italian Data Protection Authority Releases New Guidelines and Requirements for Customer Call Centres Based Outside the European Union

New legal requirements have been introduced as part of the Italian Data Protection Authority (IDPA) guidelines on the processing of personal data by call centers based outside the European Union.

One of the most significant changes is that companies wishing to operate their customer care services via call centres based outside the European Union will now be required to notify the IDPA in advance.

The new guidelines have been put in place in order to establish specific rules to manage the use of call centers, which have become increasingly popular with companies in the past few years, primarily because of their perceived efficiency and cost-savings advantages.

Many companies have adopted the call center approach for their customer service operations, which necessitates the transfer, processing and storage of personal data.  When the call centre is based, and its operations are carried out, outside the European Union, there is an increased risk to the security of this data.

For this reason, the guidelines require that the Data Controller, i.e., the company based in Italy that is operating its customer services through a call centre outside Italy,

  • Adopts at least one of the mandatory approaches to legally transferring personal data outside the European Union, e.g., Safe Harbor, Standard EU Commission Clauses or binding corporate rules

  • Implements specific security measures to prevent the risk of loss, theft or unlawful processing of personal data.

The guidelines outline specific structures and features for customer services management systems and provide detailed precautions to be applied to communications equipment used by call centre personnel.

Once the guidelines have been published in the Italian Official Gazette, any company wishing to locate its customer care or call centre services outside Italy will be required to file a notification with the IDPA.  The IDPA might prescribe specific requirements with which the company will have to comply in order to obtain permission, or give recommendations aimed at ensuring ongoing compliance.  There will be a specific procedure and paperwork for applying for permission and complying with the IDPA’s requirements.

Companies that already operate customer services through call centres based outside the European Union will be required to notify the IDPA within 30 days of the publication of the guidelines in theItalian Official Gazette.

© 2021 McDermott Will & EmeryNational Law Review, Volume III, Number 325
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

 McDermott Will & Emery helps clients integrate their approach to data privacy

Data privacy and security are critical elements of risk management for every company. McDermott's global Data Privacy practice includes more than 50 attorneys worldwide who help our clients manage that risk. We have expertise across the full range of data privacy and protection laws, industry standards and issues. McDermott lawyers represent clients, large and small, from all business sectors, including technology; retail; telecommunications; health care and life...

312 984 6471
Advertisement
Advertisement
Advertisement