You are probably sick of hearing about GDPR by this point. The rules and regulations surrounding Call Recording have been confusing enough, governed by a web of data protection and privacy laws, the rules of what you can and cannot record and what you can do with those recordings, depend on a variety of factors. From the industry you operate in to the kind of transactions you deal with on those calls and the information you record has an impact.
As of the 25th May 2018 the rules changed once again and companies all over the UK and Europe have been trying to keep up.
The latest European solution for data protection covers call recording, compliance and data management. Replacing the data protection act of 1998. Combining the Regulation of Investigatory Powers Act in 2000 and the Human Rights Act in 1998 to strengthen the rights people have regarding how their data was stored and used. Because of the potential for recorded calls to capture personally identifiable information and sensitive personal information.
The aims of GDPR are not completely removed from that of the previous campaign. They are all concerned with data security, the protection of privacy and the way we process data. There are however a few major changes. For instance – companies wanting to record calls will need to have a good reason for this. GDPR suggests that your recording purpose should fulfil at least one of the following:
- Recording is crucial to comply with a contract
- Recording complies with legal requirements
- The people in the call have offered their consent to be recorded
- Recording is essential for the protection of one or more participants
- Recording is necessary for public interest purposes
- Recording is legitimately in the interest of the recorder (unless the interests are less important than the interests of the participant)
Essentially GDPR is about “consent”. No longer is tacit consent enough to keep you out of the spotlight. The new legislation wants to implement a “Principle of Accountability” which has pushed businesses to implement detailed measures for acquiring consent and keeping information secure. Call recording is a form of data processing. In the previous regulations, companies needed to inform individuals of how their data was processed. This is still relevant but the balance between customer needs and business preferences is changing.
GDPR rules come from a long period of consultation between member states and the UK. Designed to bring all the different rules and regulations together so that everyone is on the same page. The biggest difference is GDPR makes the rights of the individual more important than the rights of the organisation. The principle of accountability make the data protection conversation more complex – similar to health and safety compliance.
From now on, call-recording systems will need to have the ability to access explicit consent for participants before the recording takes place.
Ultimately, if you want to stay compliant with GDPR the most important thing to remember is that you need to notify customers that you are recording a call. You do not need to go into as much detail as you might on a website, but you do need to make sure that they know what they are agreeing to, and what rights they have when it comes to their data.
Information obtained from an article call Recording & GDPR: Staying on the right side of the new regulations By Rebecca Carter – UC Today