Apresa: ICO, GDPR Call Recording Consent

Get in Touch

Vidicode UK has unique technology in our Apresa (SIP & IP), 3CX, Microsoft Teams, BRI PRI recording solutions, which enable calls to be recorded automatically whilst at the same time providing both the agent and or customer with the ability to be able to control whether the recording of the call proceeds or not.

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the DPA (Data Protection Act).

The regulation was adopted on 27 April 2016 and enforced in May 2018.

Is your business ready? Contact us now to find out how we can help you.

How does GDPR affect call recording for regulated firms, where call recording is required for compliance and other legislative reasons?

In short…It doesn’t. If you record calls for one of the 6 reasons stated under “lawful reasons to record” then all you need to do is ensure you know which reason is the basis for you to record and note this for ICO, Audits, and GDPR compliance references.

How does it affect companies that wish to record their calls?

Consent under the GDPR must be freely given. It must be specific, informed, and an unambiguous indication of the individual’s wishes. There must be a clear affirmative action – consent cannot be inferred from silence, pre-ticked boxes, or inactivity.

Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.

Remember that you can rely on other lawful bases to record calls…apart from consent.

Organisations must show how they are compliant with at least one of the following:

  1. Consent of the recorded subject. There is a more defined list of special categories from the ICO.
  2. The recording is necessary for the performance of a contract with the subject or to take steps to enter into a contract.
  3. The recording is necessary for compliance with a legal obligation.
  4. The recording is necessary to protect the vital interests of a subject or another person.
  5. The recording is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  6. Where call recording is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.

Apresa has a wide range of features to assist with GDPR:

  • Multi-level access; supervisors, groups, and users
  • Free seating
  • Screen recording
  • Store on demand (audio & screen)
  • PCI-DSS compliance
  • Call commenting
  • Statistics for analysis in graph or .csv
  • Quick and easy search interface
  • User assignable search restrictions
  • Fingerprinting MD5, SHA-1
  • Encryption
  • Automatic backup to NAS
  • Automatic system check
  • Records 3CX, MS Teams, SIP/VoIP, ISDN II, E1/T1, TDM, Analogue and radio communication


  • Agent Evaluation Module
  • Raid 1 or Raid 5 option
  • Redundant power supply
  • Virtual or Hosted Implementations


Download Call Recorder Apresa Brochure (EN)

Vidicode UK GDPR White Paper 2017