Compliance and GDPR
Although Call recording has many uses and benefits, you should be aware of the legislation covering Call Recording and ensure that you are compliant with the new GDPR rules which came in to effect on 25th May 2018.
GDPR is replacing the Data Protection Act and aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
This blog post is to give a brief overview of GDPR requirements for Call Recording and how we ensure that our customers remain GDPR complaint when using our services.
How does GDPR affect organisations that wish to record their calls?
Under GDPR, consent must be a freely given, and be specific, informed and an unambiguous indication of the persons wishes.
In order to Record Calls, organisations must demonstrate how they are compliant with at least one of the following:
- Consent of the recorded subject.
- Recording is necessary for the performance of a contract with the subject or to take steps to enter into a contract
- Recording is necessary for compliance with a legal obligation
- Recording is necessary to protect the vital interests of a subject or another person
- Recording is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Where call recording is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
How can consent be given?
The old DPA (Data Protection Act) allowed organisations to record calls without playing a consent message, so long as the recordings were not transferred to a third party, and only if the recordings were to be used internally, such as to monitor the quality of calls or for training purposes.
This is no longer the case with GDPR; In order to gain consent from the caller, there must be a positive action to give consent for the call the be recorded.
At the very least you must now play a Call Recording Consent Notice message at the beginning of every call to notify the caller, that the call may be recorded and the reason for recording the call.
The approach we're taking for our own calls is to play a consent message (Calls are recorded for training and monitoring purposes) and to assume that if a caller does not want the call to be recorded, they will terminate the call and contact us through an alternative channel such as email, website, Livechat, Twitter, Facebook, fax or even a letter.
We know what people say about "assuming", but we are confident about using this approach for a variety of reasons;
- We are a Business to Business provider and only communicate with existing customers and business who have contacted us.
- We have multiple communications channels
- We only use recordings for training and monitoring services
- We have documented how and why we record calls, including details about our data retention policy
- The ICO confirmed that this approach is GDPR compliant
What do you need to do?
Our Call Recording service is already GDPR compliant and you can configure everything online using myTTNC.
Fortunately, the changes you need to make are minimal, you just need to ensure your Call Recording message says that calls are being recorded and state the reasons why.
How does TTNC's Call Recording service work?
Call Recording Consent Notice
To help you stay compliant with legal requirements on both inbound and outbound calls, the TTNC platform plays a recording announcement at the beginning of the conversation to notify the customers, that the call may be recorded.
Flexible Call Recording
Call recording can be set up on a per number basis or a VoIP user, SIP Trunk or our Dial Through services, it can be turned on or off at any time using our platform. This allows you to set up recorded and non-recorded scenarios.
Secure Storage and Transfer
Recordings can be played and downloaded securely via our platform, we can also deliver call recordings via FTPS to the customer. Call recordings are available on our platform for 30 days unless otherwise agreed, they are then permanently deleted and cannot be recovered. All storage is within the EU in using PCI-DSS and GDPR compliant Data centres.
Role Based Access
We provide Administration feature in the myTTNC platform that allows the administrator of an account to set up additional users, and set their access rights to certain areas within myTTNC. Access to all data is password-protected and provided to authorised users only.
Call Recording questions
You can find out more about our Call Recording service here:https://www.ttnc.co.uk/services/call-management/bolt-ons/call-recording
If you have any questions about our call recording service, then please get in touch.
Telephone Number: 020 3151 1000
Email Address: firstname.lastname@example.org