The General Data Protection Regulation (GDPR) is an EU regulation intended to strengthen and unify personal data protection, returning control to citizens and residents over their personal data, while simplifying the regulatory environment for international business. Additionally, the GDPR addresses the export of personal data outside the EU.
The GDPR will apply to any business or entity processing the personal data of EU citizens, regardless of their geographical location.
The UK government has confirmed that Brexit will not affect the commencement of the GDPR on the 25th of May 2018, with regulatory provisions being incorporated via the new UK Data Protection Bill.
Included Data Formats
- IP Addresses
- Device IDs
Included Personal Data
- Strengthened personal data rights, including the right to:
- be forgotten
- data portability
- greater access to personal data
- sue entities for failing to comply
- Strengthened consent to hold and process personal data, which can be withdrawn at any time
- Privacy must be built into data processing procedures
- Time limited mandatory reporting of data security breaches to regulators and those affected
- Regular monitoring of exposure to risk via Privacy Impact Assessments
- The appointment of a Data Protection Officer
- Substantial fines for non-compliance of up to 4% of global turnover
Organisations must ensure that data is securely stored, and is available to legitimate customers who will have the right to access, change and remove any of their personal data.
Key considerations for call recording:
- Recording Consent
An organisation needing to record telephone calls will need to justify legality, by showing that recording fulfils any of six conditions laid down by GDPR. Where these conditions cannot be met it may be necessary to utilise a process which provides positive consent to record.
- Old Infrastructure
Call recording data that is archived on aging physical media, such as tape and optical media, or is stored on end-of-life servers, poses a compliance risk. If possible the data should be deleted, or transferred to a secure, compliant and up-to-date environment where it needs to be retained.
- Legacy Recording Systems
Evaluation of the data management and search capabilities of legacy call recording systems will be needed to assess GDPR compliance. Replacing legacy recording systems and migrating data on to a new secure data platform may be the simplest solution.
- Locating Recordings
Customers will have the right to request access to any personal data being held. Organisations will have to identify, access and, if requested, provide and delete any recordings of interactions that contain captured personal information within one month. Modern advanced search and analysis technologies simplify the compliance task, so migrating to a new secure data platform may be the simplest solution.
Security Compliance Standards
X-on maintains accreditations with ISO 9001 (Quality Management of Systems requirements), ISO 27001 (information security standards), ICO (data protection act compliance), DSP Toolkit (NHS data security standards), SBS CARAS2 Framework, and are a Crown Commercial NHS Framework Service Supplier.
For further information on GDPR compliance please call Sales on 0333 332 0000.