Mobile call recording and legal compliance
Today's businesses use a mix of different channels for communicating between employees and customers. With the transition to telecommuting and working from home for part of the workforce, it is no longer feasible to only use fixed lines for voice communications. As a result, most organisations are also using mobile devices, alongside VoIP lines and their computers to make calls. As a result, businesses that record all calls between their teams and customers must also consider adding mobile devices to the recording solution.
Implementing a mobile call recording solution is not an easy task for any enterprise. Traditional systems tend to focus on landlines or VoIP and ignore or make a “special policy” for calls made on mobile devices. However, businesses need a solution that can record all calls - whether they are made over apps like Skype/ Teams, on a mobile or through VoIP phones.
The issue is further complicated by the fact that organisations must comply with various legislation if they record calls.
It is not enough for a company to use just any system for mobile call recording. The solution must also record calls legally and ethically. Legal compliance means it is the responsibility of the business to ensure call recording complies with all applicable requirements.
Some countries have more restrictive rules than others. In many cases, industry-specific legislation also exists with respect to call recording. So, if a business operates in more than one country, they may have to abide by multiple regulations. It is recommended to comply with the stricter rules to minimise the risk of non-compliance.
General Data Protection Regulation (GDPR)
The GDPR was implemented in 2018 and introduced sweeping regulations relating to the collection and use of data on EU citizens. Unlike other legislation, it applies to any business that collects data on EU/ EEC citizens. The business need not have an office or operate within EU/ EEC boundaries to fall under these rules.
The GDPR has specific rules related to recording calls. In addition to stricter requirements for consent, businesses must justify its use under one of the following parameters:
- All parties should give consent for one or more stated purposes
- It is needed to fulfil a contract to which the participant is a party
- The recording is required for a legal obligation on the part of the business
- It is needed to protect the interests of one or all participants
- Call recording is in the public interest
- It is in the interest of the business unless the participants have overriding interests regarding the protection of personal data
Businesses must ensure that they can comply with all relevant parameters of the GDPR.
Markets in Financial Instruments Directive II
Companies in certain industries like banking are legally required to record all calls. Other finance professionals in the EU are also mandated to record calls under the Markets in Financial Instruments Directive II (MiFID).
The MiFID II covers almost all asset classes including currencies, equities, commodities, and debt instruments. It imposes extensive reporting requirements on all financial professionals and requires them to record phone conversations.
But organisations that use call recording mainly for training or quality assurance need to get informed, unambiguous and freely given consent from all participants for legal compliance.
Data storage, retrieval, and access
Legal compliance does not end once the call has been recorded. A business also must store the recorded data, retrieve it as required by law, and restrict access to authorised personnel only – the exact requirements differ, from one jurisdiction to another.
Regulations generally state the length of time recordings must be stored and available to the authorities. The business needs to be able to retrieve the data even years later if need be. The recording and storage system should also implement security measures such as encrypting the data. Additionally, the recorded conversations must be accessible only to authorised personnel.
Touch Call Recording Service
Navigating the complex legal landscape of call recording is not easy for businesses. That is why Touch offers a fully compliant call recording service for organisations, covering mobile and fixed communications, as well as other digital channels. It is a managed service that works behind the scenes to record all calls. Enterprises do not have to buy new hardware for it, nor does it require additional investment in IT resources.
Recorded calls are stored in mirrored data centres, so clients always have access even in an emergency. The access rights ensure that only authorised employees can retrieve the data. Touch complies with the GDPR, so businesses can delete recorded data for customers who request the right to be forgotten.Businesses have many reasons to record calls, but it is imperative they do so while complying with all relevant laws. Touch Call Recording Service allows organisations to do exactly that with a fully managed and maintenance-free service – protecting your business and ensuring compliance with relevant legislation.