When we talk about who we are and what we do, our focus is on our solutions and how they descope your busy contact centres from the requirements of PCI Compliance. But as the General Data Protection Regulation (GDPR) is a month away we come to talk about exactly where PCI compliance fits within it. Our infographic, PCI & GDPR: Piecing together the jigsaw, gives a visual representation of where PCI compliance fits into the requirements of the regulations, specifically within integrity and confidentiality, but let’s explore this in a little more detail.

Some payment gateways require additional personal identifiable information (PII) along with card details. This can include names, address and email addresses as an example. All of them send their phone calls through us, complete with the caller’s phone number.

When it comes to the GDPR the key questions to ask are:

  • What data are we holding?
  • Why are we holding it?
  • Do we really need it?

And in the case of busy contact centers taking large numbers of card payments, card data is essential for payment, but is it necessary to hear, see and store this information? In the interests of data security, the answer is no.

With our expertise within PCI DSS compliance, we’ve understood data security ever since our inception. Through products such as Agent Assist not only does this descope your contact centre, it also means that any threats, be they internal or external, have no access to your customer’s sensitive cardholder data and is therefore compliant with the GDPR.

PCI compliance is not the only part of the puzzle, but given the degree of sensitive information involved it is a significant one. De-scoping your contact centre goes a long way to reducing the risks.


To discuss PCI Pal’s solutions, get in touch with us here.