GDPR & Call Recording: Where We Are Today

What do you need to know in 2020?

3
GDPR-Call-recording-2020-Compliance-regulation
Contact Centre

Published: August 11, 2020

Rebekah Carter

It seems like a lifetime ago that everyone was talking about the arrival of GDPR, and the impact it was going to have on businesses worldwide. For months, organisations sent out endless emails and requests to maintain customer information. Companies updated their privacy policies, and we all changed the way that we communicate with customers.

Now, over 2 years on, many brands are beginning to see the General Data Protection Regulation as a natural part of the communication experience. However, there are still some businesses out there that struggle to understand what it means to be truly compliant.

GDPR launched as a method of protecting personal data on a greater scale than anything we could accomplish before. Are you handling GDPR the right way today?

What Does GDPR Really Mean?

2 years ago, when the EU GDPR regulations began on the 25th of May 2018, the landscape of regulated data protection law changed forever. GDPR addressed how companies handled and exported personal data. Everyone, both inside and outside of the EU, had to adapt.

Even companies outside of the reach of the EU law still needed to make changes to how they collected data from EU citizens. Most businesses decided to change their strategies immediately. However, there are still a handful of organisations unable to continue working with EU clients, simply due to a lack of the right GDPR system.

The good news for many brands, is that GDPR was more than just a significant disruption to the way that we work. The introduction of this new regulation introduced improved ways for businesses to connect with their customers and create better experiences for clients.

What Does GDPR Mean to Call Recording

One of the most significant areas that GDPR influenced, was the call recording landscape. Prior to the GDPR guidelines, organisations didn’t need to do anything more than mention they were going to record a conversation. If the client continued the conversation, then the regulations assumed they were “agreeing” to the recording.

Now, to comply with GDPR, consent must be clearly acquired. Businesses need to explain why they’re recording calls too, and the reason must fulfil conditions like:

  • The participant gives permission to be recording for a specific purpose
  • Recording is essential to fulfil a contract relevant to the participant
  • Recording is essential to fulfil a legal obligation
  • Recording is necessary to defend the interests of the participants
  • Recording is in the best interest of the public.
  • Recording is in the interest of the recorder unless the interests of the participant over-ride the needs of the business

Adapting to New Standards

Today’s businesses need to be clear on when, where, and how they’re recording calls, and managing data. It’s not enough to simply let clients know that you’re recording them anymore. This means that many organisations are investing more heavily into recording and data management systems that handle various GDPR factors, like:

  • Data protection requirements: Call recordings need to be securely stored and managed. Organisations also need to apply policies to protect that data
  • Data retention rules: GDPR explains that data is only suitable to be retained for the length of time required to fulfil the purpose of the recording
  • Right to access data: Data subjects always have the right to access personal data. If you receive a request, you need to comply with it within 30 days
  • Right to be forgotten: Mechanisms must be in place to ensure that all personal data from an EU subject is available to be deleted if the subject requests this

The good news is that today’s UC and Contact Centre companies are taking extra steps to make technology more suitable for GDPR. Recording systems come with advanced storage and management tools in place to improve privacy and accessibility for teams.

The right vendors can ensure that business leaders have all of the systems that they need to not only access consent for a recording but follow the rules of GDPR after gathering data. This includes using intelligent IVR systems to request permission for a recording before passing a client through to an agent. It also addresses processes like giving companies the ability to search for data quickly and easily when GDPR deems it necessary.

Creating a Centre of Compliance

In the modern contact centre, companies can’t just have the right tools for recording information. Organisations need fully-featured compliance centres that ensure end-to-end support for the latest regulations. It’s essential to work with vendors that can help with visualising data, managing privacy, and reducing security problems.

 

Call RecordingInteractive Voice ResponseSecurity and Compliance
Featured

Share This Post