Before we install any new telephone system, we spend time with our clients and go through the possible feature set that their new system will support. We have a long list of items which can be enabled or disabled on request, and one of these almost always causes a stir and lengthy discussion – Call Recording.
With the introduction of GDPR back in May, there have been mixed messages surrounding the use of Call Recording – whether it’s allowed, when and how long files should be retained for. You may wish to record your calls for a number of genuine reasons – to monitor staff, for evidential reasons, for contractual or even legal reasons – but the Call Recording landscape is a minefield. With conflicting advice about best practice, and a considerable amount of GDPR scaremongering, we thought it might be time to clear things up.
It goes without saying that we’re no legal experts on the subject matter and, if you are really genuinely concerned about the legality of your call recordings, you should seek legal advice – but we’ve done our research!
Some points to consider
- If you want to record calls, you must have a good and justifiable reason for doing so. Under GDPR legislation, at least one of the following conditions must be met:
- Recording is crucial to comply with a contract
- Recording complies with legal requirements
- The people in the call have offered their consent to be recorded
- Recording is essential for the protection of one or more participants
- Recording is necessary for public interest purposes
- Recording is legitimately in the interest of the recorder (unless those interests are less important than the interests of the participant)
- Unless you are required to record calls in order to legally fulfil a transaction (i.e. banks), you need to tell callers if their call is being recorded, and give a reason why. For example – ‘your call may be recorded for quality and training purposes’ is a common phrase but, unless the reason for call recording is legally necessary, your caller has to actually opt-in to being recorded and can opt-out again at any time
- You can manage the opt-in process by having the caller press 1 to accept recording or 2 to decline it
- You need to consider how call recordings are stored, who has access to them and how often the calls are deleted
- Your staff can be given the ability to pause and stop call recordings by using a button on their phone – this is also required for PCI DSS compliance.
Call Recording is now an absolute minefield but our advice is to think about the motivation for recording calls in the first place. Is a recording the most suitable solution to your needs? Would live-monitoring be better, for example?
The long and short of it is that, technically, we can do almost anything you need us to – but let’s have a chat about how you see your requirements, and how we might be able to make things work in a compliant way.