GDPR Requirements for Recording Telephone Calls

Get in Touch

Demystifying GDPR: A Comprehensive Guide to Recording Phone Calls in the UK

Are you unsure about the rules and regulations of recording phone calls in the UK?

Look no further! Our comprehensive guide on GDPR compliance and recording phone calls will help you navigate the legal landscape with ease.

We’ll provide you with all the information you need to ensure your phone call recordings conform to the necessary guidelines.

How recording telephone conversations is affected by the GDPR

Recording phone calls can be a valuable tool for businesses, providing a means to review conversations, ensure quality control, and resolve disputes. However, it’s important to understand the legal requirements surrounding call recording in the UK.

The legal framework that governs phone call recording is primarily governed by the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). These regulations aim to protect the privacy and personal data of individuals, and failure to comply with them can result in significant penalties.

Under the General Data Protection Regulation (GDPR), recording telephone conversations is considered a form of processing personal data. As such, it is subject to the GDPR’s data protection rules.

In general, if you wish to record a telephone conversation, you must have a lawful basis for doing so. This means you must have a legitimate reason for recording the conversation, aligning with the GDPR’s transparency, fairness, and proportionality principles.

Several lawful bases may apply to recording telephone conversations, including:

  1. Consent: You can obtain explicit consent from the individual before recording the conversation. However, it’s important to note that consent may not be a sufficient lawful basis in some cases, such as in an employment relationship.
  2. Legitimate interests: If you have a legitimate interest in recording the conversation, such as for quality assurance or training purposes, you may be able to do so. However, you must ensure that the individual’s privacy rights do not outweigh your legitimate interests.
  3. Contract: If the recording is necessary for the performance of a contract with the individual, you may be able to record the conversation without their explicit consent.
  4. In addition to having a lawful basis for recording the conversation, you must also provide the individual with certain information, such as the purpose of the recording and how long it will be kept. You must also ensure that the individual’s rights under the GDPR are respected, such as the right to access their personal data and the right to have it erased.
  5. It’s important to note that different countries may have specific rules and regulations regarding recording telephone conversations, so it’s important to check local laws and regulations before recording any conversations.

A customer’s right to be forgotten under GDPR regulations.

The right to be forgotten, known as the right to erasure, is one of the data subject rights provided by the General Data Protection Regulation (GDPR). This right allows individuals to request that their personal data be erased in certain circumstances.

Under the GDPR rules, individuals have the right to ask for their personal data be deleted if:

  1. The data is not or is no longer necessary for the purpose for which it was collected.
  2. The individual withdraws their consent to process the data; there is no other lawful basis for processing it.
  3. The individual objects to processing of their data, and there are no overriding legitimate grounds for the processing.
  4. The data was unlawfully processed.
  5. The data has to be erased to comply with a legal obligation.

If a person requests that their data be deleted, the data controller must respond without undue delay and no later than one month from the date of the request. The data controller must verify the identity of the individual making the request and then assess whether the request is valid.

If the request is valid, the data controller must erase the personal data without delay unless there is a legitimate reason for keeping the data, such as to comply with a legal obligation.

It’s important to note that the right to be forgotten is not absolute, and there may be situations where an individual cannot exercise it, for example, if the data processing is necessary to exercise their right to freedom of expression and information or for the establishment, exercise, or defence of legal claims.

Consequences of non-compliance with GDPR in recording phone calls

Non-compliance with GDPR in recording phone calls can result in severe consequences for businesses. The Information Commissioner’s Office (ICO) has the power to impose fines of up to €20 million or 4% of the global annual turnover, whichever is higher. These fines can have a significant impact on businesses, both financially and reputationally. In addition to fines, businesses may also face legal claims and damage to their brand image if individuals’ rights are violated.

It’s crucial for businesses to understand the legal requirements and take the necessary steps to ensure compliance with GDPR when recording phone calls. By doing so, they can avoid the potential consequences of non-compliance and maintain the trust and confidence of their customers.

How Vidicode enables the customer’s right to be forgotten under GDPR

Under the GDPR, customers have the right to request that any personal data held by an organisation should be erased. To comply with this requirement, organisations must ensure that any data stored on their systems has been deleted.

We have unique technology in our Apresa (SIP & IP), 3CX, Microsoft Teams, BRI (ISDN2) & PRI (ISDN 30) recording solutions enabling calls to be recorded automatically whilst at the same time providing both the agent and/or customer with the ability to control whether the recording of the call proceeds or not. Call marking and screen recording as standard enhances our proposition for rapid find and retrieval of calls under the GDPR right to be forgotten.

The Apresa System has a stop recording feature if the customer decides at the point of contact or during a call that their legitimate interest is being overridden by the call being recorded. An example of this might be where a call is being recorded for training purposes which benefits the company and not the customer at that moment in time. The Apresa will also stop any future recordings of that customer if required.

While there are many advantages to selecting Apresa for GDPR compliance assistance, a valuable option is still available to owners of older call recording systems. Vidicode UK offers phrase and word matching through VoiceCrunch Speech Analytics, a specialised voice analytics platform designed to locate recorded calls based on user-defined words, phrases, sentiments, tones, and emotions.

Apresa offers a comprehensive set of standard features to support GDPR compliance, including:

  • Records calls on a wide range of platforms, such as Wildix, 3CX, Microsoft Teams, SIP/VoIP, SIPREC, ISDN II, ISDN E1/T1, TDM, analogue, and radio communication.
  • Multi-level access for supervisors, groups, and users with user assignable search restrictions
  • Screen recording providing a complete view of the entire customer interaction
  • Call colour coding and annotation for fast, easy retrieval and playback
  • High security levels with encryption and Fingerprinting MD5, SHA-1
  • Automatic backup to NAS (Network Assisted Storage)
  • PCI-DSS compliance for payment card transactions
  • Statistics for analysis in graph or .csv
  • Store on demand (audio & screen)
  • Automatic system check
  • Free seating

Apresa offers more optional features

  • Agent Evaluation Module
  • Raid 1 or Raid 5 option
  • Redundant power supply
  • Virtual or Hosted Implementations

For more comprehensive information about the right to object to calls being recorded visit the ICO website and click here.


Our Clients


Since its inception in 2004, TravelUp has aimed to make worldwide travel effortless for its customers. With so many options for a customer, its bespoke deal finder technology searches masses of different suppliers simultaneously. It quickly returns all the best available deals for flights, hotels or full... Read more

Games Workshop

... Read more

TLF - The Leadership Factor

Based in Huddersfield and proud of their Yorkshire heritage TLF Research boast a proven track record of improving the customer experience, satisfaction, and loyalty of their client’s companies through the design and running of customer research programmes. As a full-service agency TLF has assisted customers including Visa, Calor, Co-op and Saint... Read more


Over the last 20 years, SoloProtect has innovated and evolved to provide an industry-leading lone worker safety solution that is used by thousands of people across the world. SoloProtect work with public, private, and charity sector organisations that employ large numbers of staff who work alone, are community-based, or are required... Read more

Budgen Motors

As one of Shropshire’s biggest and longest established Motor Dealerships Budgen prides itself on giving excellent service to all its customers. Budgen has been in Shropshire for 40 years and it is still family run today. Originally started by Tommy Budgen in the 70s, Budgen was taken over by the late Robin... Read more

MSL Motor Group

MSL Motor Group was founded by Stephen O’Flaherty who is widely celebrated as one of the great pioneers of modern Irish motoring. His grandson, who is also named Stephen O’Flaherty, is the Chairman of MSL Motor Group today. The O’Flaherty family have a long history in the Irish motor industry and have... Read more

Right to Health

When Infinity Group, one of the UK’s largest IT and Telephony providers were tasked by Right to Health, to find a reliable, user friendly call recording platform that met FCA* compliance standards they turned to Vidicode UK and call recording expert Everton Stuart. Right to Health, founded in 2001, specialise in finding... Read more

DF Markets

DF Markets (Delta Financial Markets Ltd.) is a Forex, CFD and Financial Spread Betting provider established and located in Canary Wharf, London. The company is regulated by the Financial Conduct Authority (FCA register number 534027). The protection of client funds is provided by the Financial Services Compensation Scheme (FSCS). DF Markets offers... Read more


Founded in 1986 by John Mills and now a global operation, JML was once a small family company that developed through consumer exhibitions with exciting live demonstrations of innovative products. Over the last two decades we’ve grown into a household name, one of the nation’s favourite brands and a world leader... Read more


The company was founded in 2003, but in 2007, with the arrival of the new shareholder, we dedicated particular resources and energy to the Investment Management business, focusing on the search for good results and outperformance of the benchmark indices. Our team’s best management skills lie in UCITS Funds and Alternative... Read more