Recording Calls and GDPR Rules

Call recording is a procedure that is used by a large amount of businesses aroudn the world. It is a tool that will continue to be used well into the future. There are many regulations in relation to this that businesses need to be conscious of, when it comes to GDPR and the recording of calls.

Business or organizations that record calls will have to take into account that  the General Data Protection Regulation (GDPR) will be enforceable from May 25 2018. GDPR Non-compliance can prove costly as the penalty for this is a fine of up to £20 million or 4% of annual turnover, whichever figure is bigger.

Have You Told the Individual Aware They are Being Recorded?

One of the most important thinks to be aware of in relation to compliance with GDPR is whether a person has been advised that their call is being recorded. For a company to comply with regulations, callers must be aware, and to have given their consent, for a recording to be captured.

How is the Recording Being Stored? Is Completely Secure?

One of the chief aspects of GDPR is that personal data needs to be saved and processed in a manner which means it is safe and can be easily accessed if requests are made by the subject, or by relevant third parties. This means that any organization which records calls needs to be aware of the way they are stored.

Legitimate Interest and GDPR

Expressed consent is not the only legal requirement required as there may be a valid (legal) reason for recording a phone call due to legitimate interest. For instance, if a person is calling emergency services then the call may be recorded in the interests of safety. Along with this, recording phone calls is obligatory in some business and trading sectors. This right, stated in the Data Protection Act (DPA), to ask for a copy any recording involving you is saved in line with GDPR obligations.

Under What Conditions Can the Recording Be Deleted?

One important element of GDPR is an individual’s right to be forgotten. This applies to when a person requests that information held regarding them is deleted. If there is no justified reason for a business or organization to go on processing the data, they need to adhere with the request for the information to be deleted. This means that companies must review the ways in which they can delete recorded calls when this is required.

Author: GDPR News