Call recording allows you to identify strengths and weaknesses in agents’ performance, enrich training sessions with real-world examples, facilitate goal setting, track progress and, ultimately, improve service quality and customer satisfaction.
But your business will only benefit from call recording if your recording process is legal. Businesses which fail to comply with GDPR face eye-wateringly high fines. As such, it’s important you get it right. Here’s what you need to know.
GDPR was created to protect the data and privacy of all individuals within the EU. That means the legislation mandates all sorts of different things – and impacts businesses in many ways.
Under GDPR, call recording is classed as a form of “data processing”. For call centres to be able to record calls in a compliant way, they need to be able to show that they satisfy three criteria.
Firstly, if your contact centre wishes to record calls, it needs to be able to give a good reason for doing so. As such, your reasons for recording calls should satisfy at least one of the following:
Secondly, you need to remember that GDPR emphasises consent. In terms of call recording, this means that you must obtain explicit consent before any recording takes place. Good call recording software will provide options to acquire such consent.
Thirdly, GDPR requires that businesses are transparent. This means that, when you record a call, the person on the line needs to be notified that their call is being recorded, informed about what they’re agreeing to and told what their rights are when it comes to their data.
The depth of this information goes beyond the typical “your call is being recorded for training purposes” message and requires that the caller is presented with the full information about their rights, what they are consenting to and the reasons their call is being recorded.
This includes notifying callers that their rights regarding their personal data outweigh a business’s rights to use that data for commercial purposes. As such, callers need to be made aware of this fact as well as how to contact your business should they wish to query your call recording process or remove their consent.
For businesses looking to become GDPR compliant, a good place to start is to achieve Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS is an information security standard for organisations that handle branded credit cards from the major card schemes.
The standard establishes a set of controls for keeping cardholder data secure and is supported by a regulatory framework. As such, PCI DSS and GDPR have many crossover points. In particular, both ensure that data is collected and stored with integrity and confidentiality (which is the sixth principle of GDPR).
PCI DSS compliance can help businesses achieve GDPR-compliant call recording. And, because PCI DSS is so descriptive about how to achieve compliance (whereas GDPR is more general), achieving PCI compliance can be a huge step toward ensuring GDPR compliance.
At Elite Group, our call recording solutions are designed to meet both GDPR and PCI DSS compliance criteria. When you choose a PCI-compliant call recording system, you get a cost-effective and reliable way to protect your customers’ sensitive payment information.
Are you looking for a GDPR-compliant call recording solution? Elite Group is the UK’s leading unified communications provider and can provide your call centre with a high-quality call recording solution that will keep your business on the right side of the law.