The old Data Protection Act was replaced on 25th May 2018 with a new regulation called General Data Protection Regulation or GDPR
Under the new law, organisations must comply with strict rules regarding the collection, storage, use and disclosure of personal data. They also need to ensure that any third parties who process personal data on behalf of them are subject to similar requirements.
GDPR in more detail
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission sought to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The GDPR primary aim is to give control back to citizens and residents over their personal data use and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR replaced the DPA (Data Protection Act) and was adopted by the UK despite Brexit.
Old rules on call recording allowed calls to be recorded where a recorded annoucement made this clear or written message informed the caller (for example on a website, or on correspondence etc.). GDPR changes this and now a company must get the customer’s consent to record a call first. This may be prior to a call for regular customers or for new customers at the beginning of the call.
We recommend that customers familiarise themselves with the requirements of the ICO (Information Commissioners Office) regarding GDPR rules in relation to recording telephone calls.
How does GDPR affect call recording for FCA regulated firms, where calls must be recorded for compliance and other legislative reasons?
If you record calls for one of the 6 reasons stated under “lawful reasons to record” you should ensure you know which reason is the basis for you to record and note this for ICO audits and GDPR compliance references.
How does GDPR affect companies that wish to record their calls?
Consent under the GDPR must be freely given. It must be specific, informed, and an unambiguous indication of the individual’s wishes. There must be a clear affirmative action – consent cannot be inferred from silence, pre-ticked boxes, or inactivity. Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent.
What other lawful basis allows calls to be recorded apart from consent?
Organisations must show they are GDPR compliant with at least one of the following:
How Vidicode enables the customer’s right to be forgotten under GDPR
Under the GDPR, customers have the right to request that any personal data held by an organisation should be erased. To comply with this requirement, organisations must ensure that any data stored on their systems has been deleted.
We have unique technology in our Apresa (SIP & IP), 3CX, Microsoft Teams, BRI & PRI recording solutions enabling calls to be recorded automatically whilst at the same time providing both the agent and/or customer with the ability to control whether the recording of the call proceeds or not. Call marking and screen recording as standard enhances our proposition for rapid find and retrieval of calls under the GDPR right to be forgotten.
The Apresa System has a stop recording feature if the customer decides at the point of contact or during a call that their legitimate interest is being overridden by the call being recorded. An example of this might be where a call is being recorded for training purposes which benefits the company and not the customer at that moment in time. The Apresa will also stop any future recordings of that customer if required.
Whilst there are many clear benefits in choosing the Apresa to assist with GDPR compliance all is not lost for owners of legacy call recording systems as Vidicode UK offers phrase and word matching through sister company VoiceCrunch. VoiceCrunch is a voice analytics platform that finds recorded calls identified by using words and phrases as chosen by the user.
Apresa has a wide range of standard features to assist with GDPR compliance:
Apresa offers more optional features
For more comprehensive information about the right to object to calls being recorded visit the ICO website and click here.