GDPR and Telephony
GDPR will apply to any business, whether EU-based or not, that collects, stores and processes the personal data of EU citizens. It concerns all data that can identify an individual including video and call recordings.
The introduction of the GDPR on the 25th May 2018 brings with it ‘lawfulness of processing conditions’. At least one of these conditions must be met in order for the recording to be deemed lawful:
- The people involved in the call have given consent to be recorded Recording is necessary in order to fulfil a contract
- Recording is necessary for compliance with a legal obligation
- Recording is necessary to protect the vital interests of a data subject or another person
- Recording is in the public interest, or necessary for the exercise of official authority
- Recording is in the legitimate interests of the recorder, unless those interests are over ridden by the interests of the participants in the call
Individual’s must have the ability to easily opt-out of further use of their data. This includes ensuring registration with the TPS means no unsolicited cold calls are placed to these numbers (no change there, but bear in mind that third party opt-ins will no longer be valid).
Strict, documented limitations on how much data is collected and how long it’s kept for (data minimisation). For example, If you don’t need order details on your dialer database after the order has been completed, why not delete them?
If you have good answers to these questions that justify obtaining and retaining the data, then that’s fine, you just need to demonstrate you’ve given the matter serious consideration. Ofcom are the Advisory body for the telecommunications sector so this link may be helpful for you: https://www.ofcom.org.uk/phones-telecoms-and-internet but please contact us direct with any specific queries.