While there is a growing need to record mobile calls, non-compliance of General Data Protection Regulation (‘GDPR’) could lead to substantial fines. Resilient plc is pleased to announce a new eBook to help guide organisations around the challenge.
Organisations are increasingly looking to record staff telephone calls, whether in response to specific regulatory requirements, for dispute resolution or quality assurance. The GDPR will apply because recording calls will generally result with ‘personal data’ and, potentially, so-called ‘special categories’ of personal data being obtained. For example, during a recorded telephone call where one party gives their home address, the organisation will inadvertently capture personal data.
Furthermore, data can be ‘personal’ even if the information is not especially private. For example, an organisation that records a call where an employee mentions that they were present at a meeting earlier that day will be recording personal data about that employee (namely, that they were present at that meeting). In addition, data does not need to be accessed or used in any way by a human being before the GDPR can apply. It is enough if an organisation is simply storing the data electronically.
Organisations can record calls that involve personal data to comply with a legal obligation. However, if there is a viable option for ensuring that only business calls are recorded, then an organisation that nevertheless adopts a blanket recording policy for the purposes of recording business calls under which personal calls are also inadvertently recorded may well be contravening the GDPR.
Understanding the implications of GDPR for businesses on call recording is complex. The new eBook, “Call recording under the General Data Protection Regulation (GDPR): A UK legal perspective” explores the implications of GDPR to help inform your call recording strategy.
For more information about call recording, visit: https://resilientplc.com/content-hub/.