The 2018 UKCCF Data Security and Compliance Survey

New survey reveals increased pressure on customer contact centres to meet data security and compliance requirements

Wokingham, UK, 4th June 2018. The pressure on UK contact centres to be secure and compliant has never been greater, and the latest UK Contact Centre Forum (UKCCF) Market Study, which is sponsored by PCI Paland Ultracomms, shows how seriously organisations are taking their regulatory obligations.

The 2018 UKCCF Data Security and Compliance Survey, conducted online between January and May 2018 amongst 101 UK contact centres, reveals that:

  • 89% of organisations consider ‘ensuring we meet all our compliance obligations’ to be ‘very important’
  • 95% review their access control procedures at least once a year
  • 69% have a Data Protection Officer (or officers)
  • 60% require formal qualifications for at least some of their Data Protection Officers
  • 62% carry out Disclosure and Barring Service security checks on new contact centre personnel

As a result, only 2.5% of in-house contact centres have experienced a cyber attack that resulted in the loss of confidential customer data, and only 4% of respondents reported a data breach by contact centre agents stealing a small amount of data (i.e. under 25 records). None reported a major data breach (over 25 records).

The cost of failing to meet regulatory obligations is greater than ever.  An inability to comply with the Data Protection Act, for example, can lead to the Information Commissioner’s Office (ICO) imposing information and enforcement notices.  For serious breaches, monetary penalty notices can rise to £500,000.  In the case of a European General Data Protection Regulation (GDPR) infringement, the ICO will have similar powers – although the maximum fines it can impose will be up to €20 million or 4% annual global turnover (whichever is higher).

As well as making procedural/ process changes and investing in additional skilled personnel to assist with data security and compliance, contact centres are also investing in specialist technology.   In organisations where front line agents take credit and debit card details online, for example, 53% now use technology that ensures agents can’t see or hear those card details.

“While much has been achieved, there is still much work to do” said Trevor Butterworth, CEO UK Contact.  “Having addressed the challenges of GDPR (introduced 25 May 2018), UK contact centres must now face up compliance challenges posed by the proposed new EU ePrivacy and other regulations.  With cyber attacks and data theft on the rise globally, Data Security will also remain a very important agenda item.”

Derwyn Jones, CEO of Ultracomms, a provider of PCI DSS level 1 certified secure telephone payment solutions and omni-channel contact center services said, “Every business is taking a risk if they don’t take compliance and data protection seriously. We know that nearly two thirds of organisations who handle card payments over the phone use technology that will be deemed non-compliant when the PCI DSS Council issues its next standard update. Along with the risk of significant financial penalties, the impact of loss of customer confidence and reputation damage as a result of a data breach can be much more damaging in the long term. At a time when data protection is under unprecedented scrutiny and for every business, customer-facing processes are under the compliance microscope, organisations cannot afford to sit still”.

Tony Smith, Sales Director – EMEA, PCI Pal added “It’s very positive to see how seriously UK organisations are taking their security compliance obligations. Yet, with 95% of respondents stating that they check their access control procedures at least once a year, we want to remind UK contact centre managers of the importance of reviewing PCI DSS compliance on an ongoing basis; the latest PCI DSS standards require that evidence is provided that documents continuous compliance throughout the year for device inventories, configuration standards and security controls, rather than simply passing a test as part of an annual assessment.”

To download an Executive Summary of the 2018 UKCCF Data Security and Compliance Survey, please go to


About the UK Contact Centre Forum

Comprising six regional user groups, the UKCCF provides a platform for call centre and customer service professionals to meet and share ideas at a local level.  Monthly Executive Club meetings and Networking Seminars present the latest customer contact thinking and strategy – while Contact Centre Monthly acts as an online resource for the customer service community. The website features the latest industry news, incentive ideas, events listings, team and individual profiles, articles on strategy and technology, plus much more.


About Ultracomms

Ultracomms is a leading provider of PCI DSS level 1 certified secure payment handling and omni-channel customer contact management solutions to contact centres. Our advanced customer interaction and secure payment solutions are designed to help clients maximise contact centre performance, improve customer experience, simplify compliance processes and reduce organisational risk. For more information, visit


About PCI Pal PLC

PCI Pal is a specialist provider of secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments.   PCI Pal’s globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other card payment data security rules and regulations.


With the entire product portfolio served from PCI Pal’s cloud environment, integrations with existing telephony, payment, and desktop environments are simple and light-touch, ensuring no degradation of service while achieving security and compliance.


PCI Pal has offices in London, Ipswich (UK) and Charlotte NC (USA). For more information visit www.pcipal.comor follow the team on Twitter:


Editorial contacts


Michael Gray, UKCCF

T: +44 (0)20 8224 2315


Liz Rawlins, Ultracomms

T: +44 (0)791 927 5070


Peppa Sheridan, Peptalk Communications (for PCI Pal)

T: +44 (0)1787 313822