Are your call recordings GDPR compliant?
Author: Laurence Glen | Date published: January 23, 2024, UK | Read est: 4 min read
In 2019, HMRC, in breach of GDPR regulations, had to delete 5 million call recordings as it didn’t have explicit consent to record or keep them. HMRC, Google and Facebook are just a few of the many companies to face serious fines since May 2018, when the GDPR rules came into effect. These rules dictate how businesses all over the globe must store customer data. The aims of the regulations are to protect any personal data shared by customers living within the EU and EEA. This can be anything ranging from their names or location to their gender identity and religious beliefs.
GDPR is one of the most important privacy laws introduced in the last 10 years. Keeping up to date with all the rules and regulations helps you stay one step ahead and avoid falling, like so many companies have, into the trap of poor privacy regulations. It is crucial to master the art of GDPR, not only for the protection of your company, but also of anyone you store data for.
It is easy to think that this doesn’t affect you, but remember that when dealing with customers who live within the EU, every business and organisation must play by the rules, whether or not it is based in the EU too.
What is GDPR compliance?
Since 2018, the rules have stated that any company that collects, stores, or processes customers’ private information must get informed consent from the individual before any of that happens. Take special notice of the word "informed", because in the world of GDPR compliance, transparency is always key and avoiding ambiguity is absolutely necessary.
One question that is often raised when it comes to GDPR is the legality of recording phone calls without consent. This would most certainly be considered a breach of the data protection and privacy laws, with a lot of potential consequences, and none of them pretty. The rules do not differ if the recordings are of video meetings, as all forms of calls fall under the same umbrella of client confidentiality.
Whilst the UK is no longer part of the EU, the new GDPR regulations for 2023 mean that the rules around recording phone calls or meetings are essentially identical. This guarantees a smooth transition post-Brexit, and equally effective levels of data protection.
How can you keep your recordings compliant?
Getting permission
Most businesses now have an automated message warning customers that calls may be recorded. When it comes to choosing information to store, you should only keep information when it has a valid purpose that can be easily identified by GDPR regulators, making sure you consider and integrate privacy policies at every level of the process.
Storing safely
To store the information safely, always keep your employees trained to avoid human error, and keep your systems tight to avoid any data leakages. It’s best to plan for the worst and hope for the best, with incident response tactics already at hand for quick, well-thought-through reactions.
Right to be forgotten
Since GDPR decrees that people have the right to be forgotten, call recordings need to be easily retrievable. It is well within a customer’s right to have personal data removed. This may happen when the client deems that it is no longer necessary to have their information stored, and all they would need to do would be to remove their consent.
What are the consequences of not following the rules?
Companies that don’t follow the rules may face fines, legal action, and investigations from law enforcement authorities such as the ICO.
This naturally doesn’t bode well for the reputation of the business and would likely cause a major loss in consumer confidence and trust, which, as in any relationship, is everything.
Google and Facebook are just a few of the big names that have felt the unrelenting consequences of GDPR regulation breaches. In 2020 CNIL, the French data regulators, issued fines of up to $150 million for privacy violations, stating that there was a lack of transparency, and unclear consent forms, which reminds us again of how crucial understanding really is under the new GDPR regulations.[1]
How can Focus Group help?
Focus Group uses solutions whereby call recordings are available via a web-based portal and include details on whether the call was incoming or outgoing, the names and numbers of the people involved in the calls, plus the time, date and duration. These categories keep all of the information at your fingertips, allowing you to search for specific criteria in case you need to supply call transcripts or delete recordings to meet GDPR rules. All recordings are also encrypted to ensure maximum security.
Leadership teams now more than ever have a responsibility to manage risk on behalf of clients, employees and shareholders. News about data breaches hits the headlines every week, and to avoid adding their names to the list, businesses must place a higher priority on data security and compliance. Call recording not only helps support compliance with GDPR, but also with MiFID and PCI DSS.
If you are unsure in any way about whether or not your company is following proper GDPR procedures, you can contact Focus Group today and speak to one of our experts.
Laurence Glen
IT Director
Our IT world, together with the ongoing development of this business-critical portfolio of services, is in very capable hands with Laurence at the helm. IBM-trained and with a 22-year track record of proven success in the IT sector, Laurence is perfectly placed to lead the overall IT strategy for Focus Group, ensuring we’re at the forefront of product development and service innovations in order to deliver the best possible IT technologies for our customers.