In the digital economy, there is perhaps no commodity as valuable as data, so robust safeguards must be implemented to ensure this information is protected. Two years ago, the European Parliament and the Council of the European Union approved the most sweeping changes to EU and UK data protection laws in over two decades—the General Data Protection Regulation (GDPR). The regulation is designed to protect the data of individuals within the European Union and the European Economic Area and will impact any organization conducting business with much of Europe. Even multinational companies based in the United States with contact centers that handle calls from the EU and UK must comply with the GDPR or face significant fines.
What is the GDPR?
Social media companies, financial firms, retail giants, government agencies, healthcare organizations, and numerous other services rely on collecting, analyzing, and storing personal data. This data includes names, mailing addresses, contact info, IP addresses, credit card information, bank account numbers, HIPAA records, and information regarding the things we buy and even the websites we visit. And a lot of this information is contained within call recording systems.
Prior to passage of the GDPR, the 1998 Data Protection Directive guided each of the 28-EU member states in enacting their own disparate data protection laws. The GDPR standardizes these data protection laws while imposing stringent regulations on how personally identifiable information is controlled and processed. It declares that organizations engaged in data collection must gather it under strictly defined conditions, safeguarding it from misuse and exploitation while respecting the rights of data owners. The reforms also cover breach notifications, opt-in consent, and transferring data outside the EU.
Penalties for Non-Compliance.
Under the terms of the GDPR, organizations that fail to comply with the laws face maximum fines as high as €20 million or 4% of total global revenue, whichever is larger. While this stiff penalty is reserved for egregious violations such as insufficient customer consent, companies can still be hit with large penalties for failing to keep updated records, failing to inform proper parties of data breaches, and failure to conduct impact assessments. Both data controllers and processors must ensure they are in compliance to avoid penalties.
Companies in the U.S. and all around the world rely on the call recording industry for quality assurance, training, security, and compliance. When these calls occur with an individual based in the EU or UK, recorded voice data must be gathered and stored in accordance with the GDPR. Failure to do so could open the offending party to heavy fines.
Choosing Proper Call Recording Software
OrecX designs the world’s most open and affordable call recording solution. We’ve developed our voice recording software to promote adherence to the GDPR. The software is offered in both open-source and commercial applications, which can be easily downloaded and installed in just 30 minutes. It’s fast, simple, and free of implementation costs. Visit our webpage to learn more about our innovative solutions for contact centers.