On May 15th 2018, the General Data Protection Regulation becomes law, affecting more or less every single business in the UK. Most businesses are concerned merely with the eye-watering high fines that could potentially be applied to businesses who fail to adhere to the new regulation or at least those who get caught. It seems very few businesses are focusing on the potential benefits that could be gained in adopting a fair and transparent data relationship with their customers.
As regards businesses that record calls, GDPR has either a huge impact or little impact at all on the call recording process. This is largely dictated by whether those businesses are currently recording calls because they have to, or simply because they want to.
The wide-scale availability of low-cost or inclusive call recording capabilities in cloud-hosted telecoms services and on-premises IP-PBX installs means that calls can be recorded for little cost more or less at the click of a button. However, most call recording capabilities built into IP-PBXes and phones provide no encryption capabilities to secure call recordings and don’t sufficiently control access to recordings. This means they fail to meet the most basic security requirements for current regulation, let alone GDPR; plus the fragmented nature in which notices are played and consent obtained makes auditing compliance impossible.
In the UK, the recording of calls is currently governed by the Data Protection Act 1998. And, although it’s not mentioned specifically, the Act covers much of the basis on which the decision to record a call or not should be taken, as well as how the data should be stored. If you already follow the DPA to the letter of the law, then you are already only recording calls when you absolutely must and calls are stored securely with access strictly controlled and audited.
In terms of the handling of data, GDPR merely tightens up the existing DPA requirements and forces businesses to establish a chain of command on data management policy. Specific roles within the organization will be tasked with ownership of data management policies and training of staff on the need for security and the penalties of not adhering to it.
Where GDPR does get interesting is in the additional rights which must be granted to customers, namely:
GDPR will impact the call-recording process significantly. The typical “calls are recorded for training and security purposes” warnings will no longer be sufficient to gain assumed consent to record calls. Additionally, when recording has commenced, should the caller withdraw their consent then the agent receiving the call must somehow be able to stop a previously started recording and ensure the recording does not get stored.
Things get more confusing when your business is required to record calls for regulatory purposes, as in this case you are required by law to record calls. However, the recording contains personal data which in theory all parties must consent to. In these cases, any regulatory requirements trump those rights of the individual and therefore the call should be recorded. The problem here is that only relevant calls should be recorded, meaning that any enquiries which don’t meet the regulatory requirements for call recording cannot be stored if the individual has not opted in to having their data stored. This causes a major headache, as call recordings are not particularly indexable. Plus, gaining consent from the caller at the start of a call in the context of a discussion which is yet to happen isn’t easily done.
There are countless online articles citing the following justifications for call recording:
Point 6 is so subjective and vague that any justification focusing on this reason is in very rough waters. So the remaining options can be boiled down to either of the following:
In terms of options 2-5, the issue is that while you may have commenced call recording based on the justification that a contract may be drawn up over the phone or some financial advice may be given, if none of this happens and the caller has not consented to call recording then you have no justification to store the recording. However, you need to ensure a failsafe situation that means a call that is justified is stored without any potential error by the agent receiving the call to authorize the storage.
The solution lies in developing a data protection policy for call recording which adheres to industry regulation, meets the requirements of GDPR and doesn’t scare the caller off before their enquiry gets answered. The key is to be transparent with your customers and trusting that they will respect your transparency by providing consent. If consent is not provided, then be OK with that, but inform the agent receiving the call so they fully understand what can and cannot be discussed on the call.
This goes along the lines of:
If, however, the caller declines call recording they hear a prompt such as: “You have declined to have this call recorded. Unfortunately we will be unable to discuss financial matters with you, but stay on the line and we will answer your call as soon as possible”. The agent will be informed that the call is not being recorded with the message: “The caller has declined to call recording” prior to being connected.
Another option is to have the agent receiving the call obtain consent from the caller in such a way that the consent process is stored. If the consent is declined, then the recording is immediately abandoned.
In the event of any kind of complaint against your call recording process, you must be able to provide a robust response. The irony being that GDPR is actually forcing businesses to store more data on the details of a call than less.
Any call recording that is stored should have all evidence backing up the justification for the call recording as well as clear and absolute evidence of the consent being granted. If you play prompts to gain consent, and receive input from the caller, then this needs to be stored in such a way as to be clear evidence for that specific call. The actual prompts played will need to be versioned for that call, or the consent must be audible within the recording.
Finally, the process of handling any withdrawal of consent needs to be catered for, either by request of the caller or by the agent who has identified the recording of the call is no longer necessary. This requires interactive input from the agent for controlling the state of recording. And, as part of this, the agent should also have the ability to temporarily pause recordings and resume them if the topic of conversation drifts into an area where the justification for call recording does not cover, or another regulation overrules (for example PCI-DSS when taking card payments over the phone).
Top 6 assignments business students usually complete
Are you already a proud business school student or still hesitating whether it’s worthwhile to get an MBA degree? Either way, you’ve probably heard a lot about how rigorous MBA training usually is.
Benefits of technological decentralization in businesses
Benefits of technological decentralization in businesses
The Biggest Wins in Poker History
Outside of organised sport, poker is one of the most popular pastimes on the planet by players from Las Vegas to Laos and everywhere in between. One of the many reasons for poker’s popularity is the riches that the game can offer to those successful enough to consistently win the top prizes.
Drive more traffic for your currency exchange website to increase growth
The currency exchange market is constantly evolving so in order to have an edge over your competitors, you must be up-to-date with the latest trends and development in your industry.
The gambling scene in Washington — what is its future?
Things are looking up for fans of gambling in the United States of America. Many more states are warming to the idea of legalising sports, after US federal laws changed in 2018.
Top 5 publicly traded gun company stocks
For just a long time, the market for gun company stocks has indeed been completely ignored. Even so, even as the whole world becomes increasingly chaotic, firearms are mainly motivated by the demand for self-protection. This has resulted in an unprecedented rise in weapons sales throughout the US.
How to exchange ETH to BTC
Cryptocurrency exchangers are very popular with users of digital money networks. This is due to the fact that not everywhere you can pay with bitcoin, ether or other crypto-coins, however, you can buy any product or service with them, having previously exchanged for fiat (traditional money).
How to help your business make more money with technology
With technology constantly evolving, there is an increased demand for innovation and technology. This has led to a spike in eCommerce, which means more sales for businesses! Unfortunately, doing things the same way they have been done is not always the best course of action when it comes to marketing.
The industries utilising e-wallet payment methods
An increasing amount of consumer transactions are taking place over the internet, last year over 779 billion digital payments took place across the world. This figure is expected to grow by around 13 percent each year and more people enjoy the convenience and accessibility of spending money online.
Is online bingo legal in Washington state?
Online bingo is growing rapidly, with players everywhere noting the benefits of gaming from the comfort of home. Exciting, engaging, and best of all, offering a real chance to scoop the jackpot, bingo is enjoyed by millions worldwide.
6 Ways to increase the value of your home before selling it
When you are looking to sell your home, you want to make sure you sell it for a good price. Luckily, house prices normally go up over time, so you should not have any trouble selling it for more than you bought it for.