How does GDPR affect call recording?

GDPR Call Recording – Put simply, GDPR (General Data Protection Regulations) is about strengthening the rights of the individual, giving them more control over what information businesses collect and have stored about them.

Call recording is the ability to capture conversations on inbound and outbound calls to your business. Often calls contain Personally Identifiable Information (PII) and are therefore subject to GDPR. PII can range from a name, telephone number, email address to sensitive information such as bank details or health issues. There are various reasons why a business may wish or need to record calls, regardless of the industry.

GDPR now outlines six conditions under which calls may lawfully be recorded:

  1. The people involved in the call have given consent to be recorded
  2. Recording is necessary for the fulfilment of a contract
  3. Recording is necessary to comply with a legal obligation
  4. Recording is necessary to protect the interests of one or more participants on a call
  5. Recording is in the public interest, or necessary for the exercise of official authority
  6. Recording is in the legitimate interests of the recorder unless those interests are overridden by the interests of the participants in the call.

Following the introduction of the new regulations, businesses will have to justify the need to record a call (based on the above conditions) and adhere to data capture and retention rules. Vitally, they will need to be able to gain explicit consent from individuals before any such call recording occurs; “calls are recorded for training purposes” is now an insufficient justification of the caller’s permission following the legal changes that took place in May 2018.

Consent to record cannot be assumed.

Individuals must opt-in to having personal information stored with the opt-in being explicit and deliberate, businesses must be able to adequately protect stored recordings from misuse. Also, they must be able to identify, access and, if requested, provide and delete any records of interactions that contain captured personal information.

So what does this mean for your business?

In response to the GDPR legislative changes, M247 can offer call recording solutions that enable your business to mitigate the risks posed by GDPR non-compliance. Whether you have a Hosted Telephony (Cloud PBX) or Traditional Telephony (Customer Premises Equipment PBX), we have call recording solutions that address individual rights and essential requirements of GDPR.

Get in touch for details…