The General Data Protection Regulation (GDPR) is coming into effect in 10 days, on May 25, and for any company in any industry that records calls, there are some thinks you really need to know. Here are several suggestions to carefully consider in order to become GDPR Call-Recording Ready. Plus, you want to do everything you can to avoid a fine up to 4% of your total annual revenue.
- Create a new policy for gaining called-party permission (verbally to record). It's not enough to simply say "this call may be recorded" anymore. You need verbal consent. NOTE: There are a few caveats here in which you don't need consent, e.g. if the interaction is necessary to fulfill a contract or legal requirement.
- Train all of your agents on the new policy and track their compliance as a performance metric - using quality monitoring software. Remember, GDPR is for both landline and mobile calls.
- Put a process in place for granting customers access to their recordings if they request it. They have the right, and you must comply.
- Set a time frame to purge your recordings after a period of time. They cannot be held forever.
- Safeguard your recordings with file encryption - this may be built in to your recording solution.
- You must be able to identify all recordings of a specific customer and be able to delete them easily. Customers have the 'right to be forgotten' and can require you to delete any recording of them.
- Recordings must be portable and able to be sent to a customer in a standard industry format, upon request.