Data protection in the debt collection context: How our data privacy officers work.
Data protection is not nearly as boring as it is made out to be, at least according to EOS Senior Privacy Officer Stephan Bovermann. In this article he discusses the challenges in international data protection and explains how EOS deals with sensitive debt collection data and why his job calls for a dynamic approach.
- When working in international data protection and data privacy, you encounter a lot of different interpretations of what this means in various countries. In these circumstances you have to find a suitable approach based on the general best practices.
- Nowadays, companies face considerable financial penalties if they fail to comply with data privacy regulations.
- The handling of sensitive data relating to debt makes data privacy in the debt collection context an especially delicate task.
- In an international corporation like EOS, the job of data privacy officer is very varied and demands a broad range of expertise.
Stephan Bovermann’s first dealings with data protection and data privacy were in 2007, when he was still an IT project manager. Since then he has been passionate about the issue. But it’s a passion that not everyone shares: “At that time data protection was still seen as a necessary evil. It was something that had to be done, but nobody enjoyed doing it, except me.” Over a decade later, following a career shift, he is responsible for data protection and data privacy provisions at the EOS Group in his capacity as Senior Group Privacy Officer. It is no easy task, but one that is multi-faceted.
As a company, you can do barely anything nowadays without data. And it is a lot of work to make sure that you are ‘complaint’ in every respect. But it’s an effort that definitely pays off for the company.
Despite the GDPR, every country interprets data privacy differently.
Data protection is worthwhile, not just from a financial perspective.
In the case of EOS, the company also has a moral obligation to safely store and use the data of defaulting payers. Because unlike online shopping or registering in social networks, these individuals have not actively consented to the passing on of their data. “Naturally, people want to decide for themselves who should know about their financial situation and who should not. And that is what makes data privacy in the debt collection context such a delicate matter,” says Stephan. Data about debts are sensitive and EOS must ensure that they do not get into the wrong hands. “Particularly when making contact with debtors we need to be very careful,” says Stephan. For example, when making a phone call it must be ensured that we have the right person on the phone before we identify ourselves as a debt collection company. Any other household members, even the spouse of the person involved, should not be made aware of the context of the phone call.
Data is the fuel that powers entire economic sectors. But as the latest EOS Survey “What’s the value of data?” shows, the majority of consumers do not trust companies to handle their personal data. One in five survey respondents has even had a bad experience with disclosing their data to a company.
In our free white paper you can learn how to foster the digital trust of your customers.
Go to survey “What’s the value of data?”
Data protection requires a dynamic approach.
“Regardless of what a company does, nowadays it will always involve data,” he says. Accordingly, Stephan also looks after a lot of other EOS Group projects, ranging from the development of chatbots and other artificial intelligences (AI) to group-wide rollouts of new debt collection or communication systems. As a data privacy officer you are always at the cutting edge of what is driving the company. Stephan is always involved right from the start of a project, initially as a sounding board. If over time it then firms up into a specific project objective, his job is to examine this from a data privacy perspective. Not all ideas are feasible. One such example was the proposal to actively approach defaulting payers via social media channels and messaging services, which came to nothing due to the providers’ data privacy frameworks. Generally, however, a solution can be found.