As of 25th May 2018, much will have changed regarding General Data Protection Regulation (GDPR) compliance and your business telephone system.
One key area of consideration is compliance for Call Recording.
Businesses wishing to record calls will be required to actively justify legality, by demonstrating the purpose fulfils any of the following six conditions:
- The people involved in the call have given consent to be recorded
- Recording is necessary for the fulfilment of a contract
- Recording is necessary for fulfilling a legal requirement
- Recording is necessary to protect the interests of one or more participants
- Recording is in the public interest, or necessary for the exercise of official authority
- Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call
This means that businesses who use Call Recording need to have drawn up specific policies and procedures outlining which of the processing conditions above they believe applies to them and where necessary explain how they will gain consent from participants.
What is more, if your business uses call recording you will need to consider and be clear as to which of the above 6 conditions applies to your business, or to specific types of calls.
As an example, for general call recording to monitor service levels or training staff in a contact centre, options 1 and 6 will apply. However, as the ‘legitimate interests’ of a business to evaluate customer service are unlikely to outweigh the interests of personal privacy under new regulations, in reality that only leaves gaining consent (option 1) from all participants as a necessary requirement.
Businesses should therefore look at how consent is requested and provided and how this consent can be captured for audit purposes.
Another consideration is what happens if the caller does not give consent?
Let’s look at some typical scenarios.
Inbound calls
An auto attendant message should inform the customer that their call will be recorded, but only if they wish to be recorded. Customers should inform the person taking their call of their decision regarding consent for call recording when the call is answered. At the point that consent is not granted, the call receiver needs to be clear as to how they can stop and delete recording thus far or how they will attend to the full deletion after the call has been terminated. There should also be policy in place to record that consent to record has not been granted, for future reference and audit trail.
Outbound calls
When you make an outbound call via a system that has continual Call Recording enabled, you must ask for explicit consent from the caller before the call can be recorded. If explicit consent is not granted you cannot record unless it falls under points 2, 3, 4, or 5. If these points are not fulfilled the caller should to be clear as to how they can stop and delete recording thus far or how they will attend to the full deletion after the call has been terminated. There should also be policy in place to record that consent to record has not been granted, for future reference and audit trail.
Internal staff calls
It is advised that businesses should within their employment contract include a clause that states that the use of a business telephone may result in the call being recorded. If staff members wish to make a private or personal call, using a personal phone is recommended.
Should you need fully compliant call recording software, that provides the ability to manage preferences ‘in call’ with a full post call audit trail, then do not hesitate to contact the team here at Evoke Telecom Services on 01509 278278 or by email at [email protected] who will be pleased to help.