The old Data Protection Act was replaced on 25th May 2018 with a new regulation called General Data Protection Regulation or GDPR
Under the new law, organisations must comply with strict rules regarding the collection, storage, use and disclosure of personal data. They also need to ensure that any third parties who process personal data on behalf of them are subject to similar requirements.
GDPR in more detail
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission sought to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The GDPR primary aim is to give control back to citizens and residents over their personal data use and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR replaced the DPA (Data Protection Act) and was adopted by the UK despite Brexit.
Old rules on call recording allowed calls to be recorded where a recorded annoucement made this clear or written message informed the caller (for example on a website, or on correspondence etc.). GDPR changes this and now a company must get the customer’s consent to record a call first. This may be prior to a call for regular customers or for new customers at the beginning of the call.
We recommend that customers familiarise themselves with the requirements of the ICO (Information Commissioners Office) regarding GDPR rules in relation to recording telephone calls.
How does GDPR affect call recording for FCA regulated firms, where calls must be recorded for compliance and other legislative reasons?
If you record calls for one of the 6 reasons stated under “lawful reasons to record” you should ensure you know which reason is the basis for you to record and note this for ICO audits and GDPR compliance references.
How does GDPR affect companies that wish to record their calls?
Consent under the GDPR must be freely given. It must be specific, informed, and an unambiguous indication of the individual’s wishes. There must be a clear affirmative action – consent cannot be inferred from silence, pre-ticked boxes, or inactivity. Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.
What other lawful basis allows calls to be recorded apart from consent?
Organisations must show they are GDPR compliant with at least one of the following:
- Consent of the recorded subject. There is a more defined list of special categories from the ICO.
- The recording is necessary for the performance of a contract with the subject or to take steps to enter into a contract.
- The recording is necessary for compliance with a legal obligation.
- The recording is necessary to protect the vital interests of a subject or another person.
- The recording is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Where call recording is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
How Vidicode enables the customer’s right to be forgotten under GDPR
Under the GDPR, customers have the right to request that any personal data held by an organisation should be erased. To comply with this requirement, organisations must ensure that any data stored on their systems has been deleted.
We have unique technology in our Apresa (SIP & IP), 3CX, Microsoft Teams, BRI & PRI recording solutions enabling calls to be recorded automatically whilst at the same time providing both the agent and/or customer with the ability to control whether the recording of the call proceeds or not. Call marking and screen recording as standard enhances our proposition for rapid find and retrieval of calls under the GDPR right to be forgotten.
The Apresa System has a stop recording feature if the customer decides at the point of contact or during a call that their legitimate interest is being overridden by the call being recorded. An example of this might be where a call is being recorded for training purposes which benefits the company and not the customer at that moment in time. The Apresa will also stop any future recordings of that customer if required.
Whilst there are many clear benefits in choosing the Apresa to assist with GDPR compliance all is not lost for owners of legacy call recording systems as Vidicode UK offers phrase and word matching through sister company VoiceCrunch. VoiceCrunch is a voice analytics platform that finds recorded calls identified by using words and phrases as chosen by the user.
Apresa has a wide range of standard features to assist with GDPR compliance:
- Records calls on most platforms including 3CX, Microsoft Teams, SIP/VoIP, SIPREC, ISDN II, ISDN E1/T1, TDM, Analogue and radio communication
- Multi-level access for supervisors, groups, and users with user assignable search restrictions
- Screen recording providing a complete view of the entire customer interaction
- Call colour coding and annotation for fast, easy retrieval and playback
- High security levels with encryption and Fingerprinting MD5, SHA-1
- Automatic backup to NAS (Network Assisted Storage)
- PCI-DSS compliance for payment card transactions
- Statistics for analysis in graph or .csv
- Store on demand (audio & screen)
- Automatic system check
- Free seating
Apresa offers more optional features
- Agent Evaluation Module
- Raid 1 or Raid 5 option
- Redundant power supply
- Virtual or Hosted Implementations
For more comprehensive information about the right to object to calls being recorded visit the ICO website and click here.
Call Recorder Apresa Installation Manual
Sources: