Data protection in the debt collection context: How our data privacy officers work.
Data protection is not nearly as boring as it is made out to be, at least according to EOS Senior Privacy Officer Stephan Bovermann. In this article he discusses the challenges in international data protection and explains how EOS deals with sensitive debt collection data and why his job calls for a dynamic approach.
- When working in international data protection and data privacy, you encounter a lot of different interpretations of what this means in various countries. In these circumstances you have to find a suitable approach based on the general best practices.
- Nowadays, companies face considerable financial penalties if they fail to comply with data privacy regulations.
- The handling of sensitive data relating to debt makes data privacy in the debt collection context an especially delicate task.
- In an international corporation like EOS, the job of data privacy officer is very varied and demands a broad range of expertise.
Stephan Bovermann’s first dealings with data protection and data privacy were in 2007, when he was still an IT project manager. Since then he has been passionate about the issue. But it’s a passion that not everyone shares: “At that time data protection was still seen as a necessary evil. It was something that had to be done, but nobody enjoyed doing it, except me.” Over a decade later, following a career shift, he is responsible for data protection and data privacy provisions at the EOS Group in his capacity as Senior Group Privacy Officer. It is no easy task, but one that is multi-faceted.
As a company, you can do barely anything nowadays without data. And it is a lot of work to make sure that you are ‘complaint’ in every respect. But it’s an effort that definitely pays off for the company.
Despite the GDPR, every country interprets data privacy differently.
Previously, Stephan’s working week began at the airport on his way to one of the 26 countries where EOS has subsidiaries. Since the outbreak of the COVID-19 pandemic he does his job from home in Münsterland, Germany. At the computer screen he jumps from one meeting to the next and from one country to another. Keeping track of everything when you work in international data protection is often a major challenge. Although since the adoption of the EU’s GDPR attempts are being made to find a uniform framework for European data privacy, the harmonization of the regulations is still a long way off. Ultimately, every country has a different interpretation of the GDPR. “And if you look at Russia or America there are different regulations again,” says Stephan. In cross-border data protection you often need to base your solution on the most common best practices worldwide.
Data protection is worthwhile, not just from a financial perspective.
No matter how different the interpretations of data privacy between countries, no company can afford to ignore it. “As a company, you can barely do anything nowadays without data,” says Stephan. And there is a lot of work involved in making sure that you are ‘compliant’ in every respect. But it’s an effort that definitely pays off for the company. The European Supervisory Authority can impose fines amounting to up to four percent of a company’s global annual turnover in the event of non-compliance with the GDPR. The risk of penalties has increased substantially since the regulation came into effect in Europe.
In the case of EOS, the company also has a moral obligation to safely store and use the data of defaulting payers. Because unlike online shopping or registering in social networks, these individuals have not actively consented to the passing on of their data. “Naturally, people want to decide for themselves who should know about their financial situation and who should not. And that is what makes data privacy in the debt collection context such a delicate matter,” says Stephan. Data about debts are sensitive and EOS must ensure that they do not get into the wrong hands. “Particularly when making contact with debtors we need to be very careful,” says Stephan. For example, when making a phone call it must be ensured that we have the right person on the phone before we identify ourselves as a debt collection company. Any other household members, even the spouse of the person involved, should not be made aware of the context of the phone call.
New EOS Survey “What’s the value of data?”
Data is the fuel that powers entire economic sectors. But as the latest EOS Survey “What’s the value of data?” shows, the majority of consumers do not trust companies to handle their personal data. One in five survey respondents has even had a bad experience with disclosing their data to a company.
In our free white paper you can learn how to foster the digital trust of your customers.
Go to survey “What’s the value of data?”
Data protection requires a dynamic approach.
To meet these responsibilities, Stephan and his team follow a strict testing schedule in the course of which they continually check the processes and IT systems of the entire EOS Group for data leaks. In doing this they work closely with the data privacy officers at the various EOS national subsidiaries. “In this context we function as a sounding board, which can be very helpful when you sometimes cannot see the wood for the trees,” says Stephan.
“Regardless of what a company does, nowadays it will always involve data,” he says. Accordingly, Stephan also looks after a lot of other EOS Group projects, ranging from the development of chatbots and other artificial intelligences (AI) to group-wide rollouts of new debt collection or communication systems. As a data privacy officer you are always at the cutting edge of what is driving the company. Stephan is always involved right from the start of a project, initially as a sounding board. If over time it then firms up into a specific project objective, his job is to examine this from a data privacy perspective. Not all ideas are feasible. One such example was the proposal to actively approach defaulting payers via social media channels and messaging services, which came to nothing due to the providers’ data privacy frameworks. Generally, however, a solution can be found.
To be able to deal with the wide range of issues involved, he not only has to always be up-to-date with the latest technology but also needs a broad knowledge base. Every project requires a different perspective and background knowledge, says Stephan. In the case of one project relating to artificial intelligence, for example, he first had to understand the way the technology worked in order to identify the regulatory data protection requirements. “And this is what makes data protection at EOS a completely dynamic field. With every project you are diving into a different context and a different subject with people from other cultures.” If only at the computer screen, to start with.
If you’d like more information please don’t hesitate to contact us.
Photo credits: Henning Ross (3)