Logo Pegamento

How do you ensure AVG compliance in cloud solutions for customer contact?

If you run customer contact through the cloud, you process large amounts of personal data on a daily basis. Think of names, phone numbers, email addresses, complaint history and sometimes sensitive information. The General Data Protection Regulation (AVG) sets clear requirements for how you handle that data, even if it is in the cloud. Still, many organizations struggle with the question: how do you ensure in practice that your cloud solutions for customer contact are truly AVG-compliant? This article tells you what you need to know and do.

What is AVG compliance and why is it crucial for customer contact?

The AVG, known in English as the GDPR, is European privacy legislation that governs how organizations may collect, store and process personal data. AVG compliance means demonstrably complying with all these rules. For customer contact, this is extra relevant because you process personal data at every touch point, whether it’s a phone call, a chat message or an email.

The consequences of non-compliance are serious. The Personal Data Authority can impose fines of up to 20 million euros or 4% of the worldwide annual turnover. But just as important is the trust of your customers. A data breach or privacy violation damages your reputation in ways that are difficult to recover from. Precisely because cloud solutions for customer contact process and store data in multiple places, it is essential that you know where you stand.

What personal data do you process in cloud-based customer contact?

In cloud-based customer contact, you process more personal data than you might initially think. It’s not just obvious data like names and contact information. The following categories are common:

  • Identification data: name, address, phone number, e-mail address, customer number
  • Communication data: call recordings, chat logs, email correspondence
  • Behavioral data: what channels someone uses, how often someone contacts them, wait times
  • Content data: complaints, questions, purchases, contract information
  • Special categories: in sectors such as healthcare or government sometimes health data or BSN numbers

Each of these data falls under the AVG. That means you need a processing basis for each type of data, such as consent, an agreement or a legal obligation. So carefully map out what data you actually process within your contact center environment.

Where may customer contact data be stored in the cloud?

The AVG places strict requirements on where personal data is stored. In principle, data may only be transferred to countries outside the European Economic Area (EEA) if there are sufficient safeguards. In practice, this means you have to take a critical look at where your cloud provider has its servers.

Many large cloud platforms store data in the United States. This poses risks, especially after the discussion surrounding the Privacy Shield. If you use a U.S. platform, check for standard contractual clauses (SCCs) and additional technical measures, such as encryption where the keys remain in Europe.

The safest choice for GDPR customer contact is storage within the Netherlands or the EU. Some vendors explicitly offer Dutch or European data storage, which greatly simplifies compliance. This is also a point to actively query suppliers before signing a contract.

How do you check if a cloud provider is AVG-proof?

Not every vendor that calls itself AVG-compliant is in practice. Do your own due diligence with the following steps:

  1. Ask about the processor agreement (DPA): This is a legal requirement. Without a valid DPA, you may not let the supplier process personal data.
  2. Check certifications: Vendors with ISO 27001 (information security), ISO 9001 and ISO 26000 demonstrate that they are serious about security and quality. ISO 27001 is the most relevant here for data security.
  3. Ask about sub-processors: Many cloud vendors use third-party processors. You need to know who those are and whether they are also AVG compliant.
  4. Verify data location: Ask explicitly where data is stored and processed, including backups and disaster recovery environments.
  5. Ask about incident procedures: How quickly will you as a customer be notified in the event of a data breach? The AVG requires notification within 72 hours to the regulator.
  6. Assess access management: Who within the vendor organization has access to your data? Are there audit capabilities?

A reliable supplier is transparent about all these points and provides documentation without you having to ask for it extensively.

What are the biggest AVG risks in customer contact cloud migration?

Migrating your customer contact environment to the cloud is a time when privacy risks accumulate. Here are the most common pitfalls:

  • Uncontrolled data copies: Temporary copies of large data sets are often made during migrations. If these are not properly deleted, uncontrolled data flows occur.
  • Missing processor agreements: Organizations sometimes forget that temporary migration partners also qualify as processors.
  • Outdated retention policies: A migration is a good time to discover that data has been unnecessarily retained for years, which itself can be an AVG violation.
  • Inadequate access management: During migrations, more people than usual are given access to systems. Make sure this is temporary and logged.
  • No Privacy Impact Assessment (PIA/DPIA): When processing personal data on a large scale, a DPIA is mandatory. Many organizations skip this step.

For every cloud migration, conduct a DPIA and involve your Privacy Officer from the beginning of the process. This will prevent compliance from becoming an afterthought instead of an integral part of the project.

How do you make customer contact in the cloud structurally AVG-compliant?

AVG compliance is not a one-time action, but an ongoing process. These are the pillars for a structural approach:

  • Establish a register of processing activities: Document all data processing activities within your customer contact environment, including purpose, basis and retention period.
  • Implement data minimization: Process only the data you really need. With each field, ask yourself: is this necessary?
  • Automate retention periods: Make sure your cloud platform automatically deletes data after the agreed retention period.
  • Train your employees: AVG compliance starts with awareness. Employees in the contact center are the first line and need to know how to handle personal data.
  • Conduct periodic audits: Regularly check that your suppliers are still in compliance and that your own processes are still correct.
  • Have a clear procedure for data breaches: Know who does what when an incident occurs. Time is crucial when reporting.

By integrating AVG compliance into your daily processes and technology choices, you build a customer contact environment that is not only efficient, but also earns customer trust.

How Pegamento helps with AVG-compliant customer contact in the cloud

We understand that AVG compliance in cloud solutions for customer contact can feel complex, especially when dealing with multiple systems, channels and vendors. Pegamento offers an integrated approach where privacy and data security are built in from the start.

  • Dutch cloud infrastructure: Our cloud telephony solution runs on our own Dutch infrastructure, so your personal data stays within the Netherlands and you maintain full control over the data location.
  • ISO 27001, ISO 9001 and ISO 26000 certified: We meet the highest standards for information security and quality management, giving you a solid foundation for AVG compliance.
  • One point of contact for your entire customer contact environment: No silos, no complex vendor management. Everything under one roof, from telephony and omnichannel customer contact to AI support and knowledge solutions.
  • Transparent processor agreements: We provide clear DPA documentation and are open about sub-processors, data locations and security measures.
  • Privacy-first AI: Our AI solutions, including knowledge tools and call support, process data within a closed environment without the use of public AI models.

Want to know if your current customer contact environment is AVG-proof and where the risks are? Contact us for an informal discussion. We would be happy to help you further.

Frequently Asked Questions

Do I need a processor agreement with every cloud vendor I use for customer contact?

Yes, a processor agreement (DPA) is required by law for any party processing personal data on your behalf, including sub-processors such as telephony platforms, chat tools and CRM systems. Don't forget about temporary parties as well, such as migration partners or external consultants who are given access to customer data during a project. Without a valid DPA, you are at immediate risk of a fine from the Personal Data Authority.

What should I do if a customer asks for access to or deletion of their data?

The AVG gives customers the right to access, correct and delete their personal data, also known as the 'right to oblivion'. You are required to respond to such a request within one month. Therefore, make sure your cloud platform is technically capable of quickly locating and deleting all of a single person's data, including call recordings, chat logs and email correspondence. Lay out the procedure for handling these requests in an internal policy document.

May we record customer conversations for quality purposes, and if so, under what conditions?

Yes, you may, but only if you have a valid processing basis and clearly inform the customer about the recording in advance. In most cases, permission is requested via a recorded message at the beginning of the conversation. In addition, set a clear retention period for the recordings and ensure that they are automatically deleted after this period. Never keep recordings longer than strictly necessary for the stated purpose.

When is a DPIA mandatory for our cloud contact center environment?

A Data Protection Impact Assessment (DPIA) is mandatory when you process personal data on a large scale, monitor systematic behavior, or process special categories of data such as health data or BSN numbers. Therefore, for most cloud contact center environments, a DPIA is not optional, but a legal requirement. Perform the DPIA before implementation or migration, not afterwards, and actively involve your Privacy Officer or Data Protection Officer (FG) in the process.

How long may we keep customer contact data?

The AVG requires that you keep personal data for no longer than necessary for the purpose for which it was collected, the storage limitation principle. For customer contact data, this means that you need to establish a concrete retention period for each data type: call recordings, for example, are often deleted after 30 to 90 days, while contract-related data may sometimes be kept for up to seven years based on a legal retention obligation. Record these periods in your processing register and automate the deletion as much as possible through your cloud platform.

What should we do if our cloud provider reports a data breach?

If your cloud provider reports a data breach involving personal data of your customers, you as the data controller are required to report this to the Personal Data Authority within 72 hours, unless the leak is unlikely to pose a risk to data subjects. If the risk is high, the affected customers must also be informed. Therefore, make sure you have a clear escalation procedure in place internally, including contacts, notification templates and a data breach log, so that you can act quickly and correctly.

Can we use AI tools in our contact center without violating the AVG?

Yes, you can, but only if the AI solution is carefully designed with privacy in mind. Avoid AI tools that transmit customer data to public models or remote servers outside the EEA, as this poses significant AVG risks. Opt for solutions that process data within a closed, European environment, document the use of AI in your processing registry and transparently inform customers about automated processing, especially if AI decisions directly affect the customer.

More blogs

Download the white paper here

Deepen your knowledge with Pegamento’s white papers.

Joost Schaap-Account manager Pegamento

Joost Schaap

Senoir Account Manager

Linkedin

When a customer contacts an organization because they have a complaint, it is crucial that the employee of the organization begin by listening carefully. What does this complaint mean for the customer and also for their own organization? How can this complaint be resolved? After listening carefully the employee needs the right information so that a solution can be offered.

This piece was written by Joost Schaap, working as an Account Manager at Pegamento.

Tim Treurniet-AI developer Pegamento

Tim Treurniet

Designer of Intelligent Systems

Linkedin

Real childhood heroes I never had. But in retrospect, I believe figures like Willie Carrot or Dexter’s lab may have had an influence on me. I get energy from actually making innovative and useful products myself. Nothing like seeing the effect of a project that automates a boring task, or makes a complex process suddenly accessible.

A nice bridge to my photograph is the physical aspect of my work. By working with image recognition, I am often very directly connected to the physical world and my work is more than just programming. For example, our image recognition software ensures safety on bridges, tracks players on a soccer field or uses your own smartphone to accurately measure yourself. This combination between physical and digital provides variety and extra challenge. For me, these are the main reasons for my interest and enthusiasm in what I do!

This piece was written by Tim Treurniet, employed Designer of intelligent systems at Pegamento.

Vera van der Plas-UI-UX designer

Vera van der Plas

UI/UX Designer

Linkedin

As a UX/UI designer, I deal daily with transforming complex data into user-friendly visualizations. All of this topped off with a digital lick of paint which should attract the visitor’s attention to take action.

One of the interesting aspects of this field I find the effects that small tweaks, both textual and visual, can have on conversion. The psychological impact that a simple background color of a CTA button has on our behavior is huge. After all, that color can determine whether or not you are going to buy that product.

What we see and how our brains process and interpret this information fascinates me. The possibilities of subconsciously pointing potential customers in your chosen direction are endless. I hope to apply my expertise more often within our solutions in the future.

This piece was written by Vera van der Plas, working as a UX/UI Designer at Pegamento.

Fouad Rahaoui-Finance Pegamento

Fouad Rahaoui

Financial Controller

A Financial Controller within a company should not only be an expert in Finance. You must also have knowledge of the latest IT developments. Because these are also moving very quickly in the world of Finance.

At Pegamento, I can learn all about the latest IT developments. Like the latest development in the field of Machine learning and deep learning.

Through these application areas, as Financial Controller, I can further automate the financial business processes within Pegamento and implement improvements for the automatic processing of financial data.

This piece was written by Fouad Rahaoui, working as a Financial Controller at Pegamento.

Ernst Vegter-Business consultant Pegamento

Ernst Vegter

Business Consultant

Linkedin

Hospitality is one of my deepest motivations.
Not surprisingly, of course, customer service is a common thread in my career. Aspects of hospitality is being able to connect, to facilitate but mainly to make someone feel genuinely welcome. My intuition is my greatest asset to be able to put myself in the shoes of a guest. A customer is my guest.

Fed by various senses, an image forms around the client. I listen to what is being said, watch facial expressions, taste the underlying tone and get a feel for the challenge to be addressed. An image literally forms on my retina. I have to be able to see it. If I can see it, I can create it.

In this, the trick is to pursue simplicity, give the client a warm feeling that the problem is understood, receive good advice, facilitated and carefully guided to the solution. Trust, connect and unburden.

The feeling when a guest arrives at your hotel after a long tiring journey, can sit in front of the fireplace, be handed a good glass of wine and stare carefree at the fire. My guest knows it will be okay.

This piece was written by Ernst Vegter, working as a Business Consultant at Pegamento.

Gunisch-AI developer Pegamento

Gunish Alag

AI Developer

Linkedin

A picture is worth a thousand words, is an expression most of us have heard. We see a lot of things around us on a daily basis and subconciously have the ability to recognize and understand them. This ability of humans to me seems bizarre.

As a computer vision developer at Pegamento that is what I do, break down complex problems and turn them into solutions using images by meticulously extracting useful data.
With the world moving forward and new technologies emerging, complicated problems which were difficult to solve a decade earlier suddenly seem possible and viable. The future is full of new challenges and I look forward to them.

This story is written by Gunish, working as an AI developer at Pegamento.

Ewold Jansen-Service engineer Pegamento

Ewold Jansen

Service & Support Engineer

Linkedin

Hearing the wishes a customer has or the problems a customer is facing is important in order to then be able to help them properly. In both cases, I help find the right solution.

When the customer comes to us with a desire, they don’t know what all the options are. In this I advise them to make the right choices. When problems arise, listening to them is important. For example, a problem arises from a wrong action. By communicating well in this, many problems can be solved quickly by explaining it well. Through poor communication, a small problem can become very big.

This piece was written by Ewold Jansen, working as a Service & Support Engineer at Pegamento.

Andre Glasbergen-Scrum master Pegamento

Andre Glasbergen

Scrum Master

Linkedin

After completing my studies, I started working as a developer at a young Pegamento with a lot of ambition and enthusiasm. In the first years I learned all about process automation, now better known as RPA. I often had to rack my brains to convert the work instruction into a logical function, with not too many If-statements, so that the robot could perform the work.

I developed further and went to work as a consultant. Listening well to the customer and supporting in the pre-sales phase of projects. Executing projects and listening suited me very well. It was a small, but logical, step to now work as a Scrum Master and Project Manager. I have been supervising projects for a few years now. Such as RPA, Cloud applications and AI, according to the Human lead agile approach, We build this with a large team of specialists.

This piece was written by André Glasbergen, working as a Scrum Master at Pegamento.

Ensar Ari-IT engineer Pegamento

Ensar Ari

IT Engineer

Linkedin

Good communication between customer and organization is very important. As an organization, you naturally want to be easily accessible to your customers. Either via social media channels or via the old familiar telephone. Often organizations do not know exactly how they want their telephone line set up. That is why I like to help them think along and give them ideas. I believe there is a solution to every problem. But sometimes you just need someone who looks at the situation a little differently.

This piece was written by Ensar Ari, working as an IT Engineer at Pegamento.

Nini Heerings-Chief Happiness Officer Pegamento

Nini Heerings

Chief Happiness Officer

Linkedin

“You get to know someone better by playing for an hour than by talking for a year.”

This quote from Plato is totally hitting home for me. That’s why I like to connect people through play. Because while playing, you are totally on, all your senses at work.
In my great role as Chief Happiness Officer, I want to do that by connecting colleagues with each other and with the organization. In a creative and playful way that suits Pegamento.

When I’m not at work, I also enjoy connecting people. I do this by organizing The Playground, where adults play games you used to play in the schoolyard, gymnasium or neighborhood playground. The pure feeling of fun, total relaxation and no thoughts of anything but playing. That feeling is the goal.

This piece was written by Nini, working as Chief Happiness Officer at Pegamento.

Ger Koedam-Communication & Marketing Pegamento

Ger Koedam

Marketing & Communications

Linkedin

How can I help you? That’s pretty much the first question I ask when talking to people who are curious about our services. In such a conversation, the use of senses is very important. Because not everyone is the same. One person thinks in images, while for another words are important or how something feels. For me, sight and hearing are the most beautiful senses, because both eyes and ears absorb information and can convey or process emotions.

Why hearing? Because listening is essential in contact. And it’s the key to unlocking valuable insights.

I developed this skill early on. As a child, I enjoyed radio plays on the radio, bringing the stories to life in my head.

Pim Ritmijer-Software developer Pegamento

Pim Ritmeijer

Software Developer

Linkedin

Programming is more than just “code knocking. For me, listening to what the customer wants and visualizing that is an important part of software development.

Actively listening to a customer to understand the customer’s full story is crucial before building a solution. When you understand a customer’s story, you can think together about a solution that truly helps the customer.

Visualizing solutions is the next step for me. What will be the route we will climb to get to a solution? What challenges are we going to face to get to the top?

Like climbing, good preparation is valuable. Even though you can’t prepare for everything, preparation helps make the application fit the client’s needs as well as possible.

What a beautiful and fascinating profession programming is.

This piece was written by Pim Ritmeijer, working as a Software Developer at Pegamento.

Denise Verhoef-Software developer Pegamento

Denise Verhoef

Software Developer

Linkedin

Hearing is something you do a lot of as a programmer but also thinking, for example, when you are tasked with putting together a customer need. If the customer wants a function for his application, it is important that as a programmer you think carefully about which functions are functional and which functions are not. In this way, you will put together the most functional application possible and the customer will have a good end product. Turning needs into code into functionality is something I find interesting.

I am currently doing an internship at Pegamento and studying Software Developer. I get a lot of information that you have to process and apply. The nice thing about this is that you can learn new things but also that you can experience how it works in real business. I started this training last year and knew nothing about programming beforehand. Now I can find my own way with programming and I enjoy working with it. That you can get from a blank page to a functional application through code is cool!

This piece was written by Denise Verhoef, working as a Software Developer intern at Pegamento.

Remco Pabst-Business consultant Pegamento

Remco Pabst

Computer Vision & AI Lead

Linkedin

Using innovative software technology for people or business to make “things” easier and smarter is really a driving force. That’s why the connection between the senses appeals to me the most. Our brains connect the senses just like a business process connects people, systems (data) and logic. They register and trigger an action, exactly how it should be in an optimal workflow. Very cool what is already possible today when we add a lot of computational power to that as well.

Hearing also means a lot. Not because I like to listen to Jazz, Soul, Deep House or Focus-like music every day AND have to be able to listen well to interpret a wish or pain point, but more because not everyone can have all the senses at their disposal. Think of him or her with a visual impairment. The fact that in close cooperation we were able to apply AI, TTS/STT technology (which is still in development) for this often underserved group of people in today’s digital world and to improve the interaction and experience with it gives me a lot of energy and meaning to what I try to do with technology; create value.

This piece was written by Remco, working as a Business Consultant at Pegamento.

Thomas de Wolf-Vision Engineer Pegamento

Thomas de Wolf

R&D Director

Linkedin

Once when I had to choose which study I was going to do, I had a hard time making that choice. I was interested in engineering, but what I most wanted to do was just work with a team toward a common goal.

To this day, that is still what I love doing most. The technology has become image recognition and the team the computer vision department of Pegamento. So it’s logical that in terms of sense, I end up with “seeing. By using our image recognition solutions to see things in the real world, our entire team solves relevant problems for our customers. And because of the variation in customers, the places where our solutions end up are never the same. For example, one moment I am in the control room of a bridge and the next day I am on a production line for sandwiches or between the fences of a TBS clinic.

This piece was written by Thomas de Wolf, working as a Computer Vision & AI Lead at Pegamento.

Rob Roode-Research Development

Rob Roode

Research & Development

Linkedin

Recognizing and automating patterns. Tasks we are constantly working on when implementing our robots at Pegamento. My 2 Drentsche Patrijshonden are hunting dogs and certainly not robots. The hunting instinct and intuition is basically in their genes. Continuing to offer new forms of training has taught them to recognize and act independently in hunting situations. Even “unsupervised,” even if I’m not around.

But when you try to teach a brain something, it also starts to see things you don’t expect. Dogs pick up on the slightest deviation in your voice or directions. To start recognizing that and correcting it again is perhaps the most complex challenge. But in our work, for the wonderful clients for whom we get to work, it often yields the most beautiful new insights!

This piece was written by Rob, founder of Pegamento and in charge of Marketing and R&D.

Serge Poppes-CEO Pegamento

Serge Poppes

CEO

Linkedin

Feeling. That’s the best thing Pegamento stands for. Feeling for technology in the broadest sense of the word. Not only feeling for the exciting stuff like AI, but also for the basics of communication.

The very best part of my job is selling, listening, translating and thinking about what really matters. We bring the digital transformation with a great team!
The diversity of our team, how sharp we are, but especially the wonderful things we get to make makes me feel extremely good. Hence, I intuitively chose the sense of “feeling.

Feeling gives life and differentiation!

Logo Pegamento
Contact
Support