From May 2018, the GDPR (General Data Protection Regulation), will replace the Data Protection Act. How will this affect call recording?

On the 25th May 2018, the GDPR (General Data Protection Regulation) comes into force, replacing the Data Protection Act 1988. The GDPR gives individuals based in the European Union greater rights and more control over their data.

GDPR will apply to any business, whether EU-based or not, that collects, stores and processes the personal data of EU citizens. It concerns all data that can identify an individual including video and call recordings.

The introduction of the GDPR brings with it ‘lawfulness of processing conditions’. Put simply, at least one of these conditions must be met in order for the recording to be deemed lawful:

  1. The people involved in the call have given consent to be recorded
  2. Recording is necessary in order to fulfill a contract
  3. Recording is necessary for compliance with a legal obligation
  4. Recording is necessary to protect the vital interests of a data subject or another person
  5. Recording is in the public interest, or necessary for the exercise of official authority
  6. Recording is in the legitimate interests of the recorder, unless those interests are overidden by the interests of the participants in the call

To stress how important it is that you comply with the GDPR, consider the fact that the Information Commissioner’s Office (the law’s regulators) state that small incidents of non-compliance could result in a penalty of £7.9 million or 2% (whichever is greater) of a company’s annual turnover. For bigger incidents, the fine could be up to £17million or 4% (whichever is greater). Consider the implications on reputation, and potential bankruptcy, if you were found to not be following the regulations.

Still confused on how to get your business ready for GDPR?

For further information, visit the Information Commissioner Office’s dedicated GDPR mini site.