How can you record mobile calls for MiFID II and GDPR compliance in Sweden?

Financial regulations evolve all the time. As many of you will know, MiFID II mandates that all communications related to investment advice are recorded. At the same time, GDPR imposes strict rules for the protection of personal data.

Striking the Balance: Mobile Compliance Recording for MiFID II and GDPR

This creates tension for MiFID II compliance, because personal data will always be associated with a call recording (what is termed ‘metadata’ – that is, the phone numbers of the participants, when the call was made, how long it lasted, and the information conveyed). How can this tension be resolved so you can comply with both regulations?

With Touch, you can meet the demands of both sets of legislation - without compromise. By deploying Touch's service, companies can ensure that their mobile communication recording practices are compliant with MiFID II while respecting GDPR's privacy mandates. This twin compliance is crucial for maintaining trust, avoiding legal penalties, and ensuring that sensitive information is handled with care.

Touch's Mobile Compliance Recording with Swedish Operators

Touch offers a comprehensive mobile compliance recording service – deployed in the network. This in-network recording capability is pivotal because it removes the need for any additional applications or installations on devices.

By recording all mobile communications directly within the network, Touch ensures that every call and message related to business activities is captured and archived in compliance with MiFID II. At the same time, Touch's solution also includes a robust GDPR module to distinguish and protect personal communications, ensuring that privacy is maintained, and that only relevant communications are recorded and stored.

Understanding Sweden's Mobile Network Landscape

Sweden boasts an advanced mobile network infrastructure, characterised by extensive 4G LTE and widespread 5G connectivity. As the 5G footprint grows, this infrastructure promises even greater reliability and quality of service.

For compliance recording, such robust network capabilities are essential, ensuring that all mobile communications, crucial for regulatory adherence, are captured without fail. The transition from 4G LTE to 5G also delivers an improvement in data handling and speed, further facilitating the seamless and efficient recording of mobile communications across Sweden.

In-Network Mobile Compliance Recording: How Does It Work?

In-network mobile recording operates seamlessly for the users within the mobile operator's network because it takes place at the level of the infrastructure. This means that we can capture essential business communications without the need for end-user intervention or additional software.

This automatic recording ensures all mobile calls are compliantly recorded and archived. The solution also supports remote working, as the recording takes place regardless of location. As a managed service, it supports operational efficiency while maintaining strict compliance with regulatory requirements like GDPR and MiFID II.

The solution also supports policies. Policy control allows rules to be set, governing what is recorded and when, as well as access to the recordings. In practice, this means that private calls can be excluded from the recording programme, while only privileged users can be permitted to access the stored files and data.

Limitations: Understanding What Cannot Be Recorded

In-network mobile recording is comprehensive, yet it has limitations due to the nature of certain communications technologies and network routing. Consumer-based tools, like iMessage, are not carried over the traditional mobile network because they use internet-based routing. The same applies to employees travelling. In this case, they are ‘roaming’, and their outgoing calls are not routed through their Swedish network operator, thus bypassing the recording system. Awareness of these limitations is essential for companies to navigate and maintain compliance.

Challenges with Mobile Extension, a solution specific to Sweden

Some customers with mobile recording in Sweden rely on mobile extension solutions, essentially a form of PBX recording. This method required customers to initiate calls to a landline, which were then routed through a PBX system to reach a mobile device. While this provided a workaround for mobile recording, it had limitations and offered a reduced end-user experience.

Enhancing Compliance Mobile Recording with Touch

Touch's in-network recording service provides a robust compliance recording framework that aligns with both MiFID II and GDPR requirements. This advanced service ensures that all relevant mobile communications are automatically captured and archived, delivering a streamlined compliance process. By integrating with the key operators, Touch enables organisations to focus on their core business functions, confident that their compliance and data privacy protocols are respected.

Common Questions

What about private calls? Will these also be recorded?

Touch's whitelisting function is part of our policy control. It allows users to specify which phone numbers should not be recorded, ensuring that personal calls, like those to family or friends, are not recorded and kept private. Additionally, for a clear separation between work and personal life, a time schedule policy can be applied. These features are particularly beneficial for maintaining the confidentiality of personal interactions while complying with recording mandates for business communications.

What if we have a combination of both Android and iPhones? Does that affect the recording?

Since Touch's mobile recording is network-based, it operates independently of the device type. Whether an employee uses an iPhone or an Android has no impact on the recording process. The service captures all business-related calls directly through the mobile network, ensuring comprehensive coverage and consistency across different smartphone brands and operating systems.

How can you comply with GDPR and personal data handling obligations when recording mobile calls?

To comply with GDPR while using mobile recording services, you should ensure that only necessary business communications are recorded, minimising unnecessary data collection. It's important to choose a service that stores recordings securely within the EU/EEA, provides automatic data retention, and that grants access only to authorised personnel. Furthermore, maintaining a clear audit trail of data interactions and respecting the rights of employees and customers to access their own recordings are essential steps for upholding data protection and privacy.

Which types of organisations are legally obliged to record calls?

Organisations operating within the financial sector, particularly those subject to MiFID II regulations, are typically required to record all their business calls. Additionally, insurance companies have obligations to record certain communications as part of their regulatory compliance measures.

What about dual SIM phones? Can one SIM be recorded and the other not?

Yes, it is possible to selectively record calls on dual SIM phones. This means that while one SIM can be designated for business purposes and subject to recording, the other SIM can remain private for personal use, without any recording being enabled. This provides users with the flexibility to manage their communications effectively, while ensuring compliance with regulatory requirements.

Your Checklist for Choosing a Mobile Compliance Recording Solution

Before selecting a mobile compliance recording solution, consider the following:

  • Does the solution provide a robust system for archiving and replaying recorded calls?
  • Storage time and retention: what are the storage time and retention policies offered by the solution for recorded data?
  • Is there an audit trail feature in place, and does the solution comply with GDPR regulations regarding data privacy and security?
  • Does the solution ensure compliance with MiFID II regulations, including automatic retention of recordings?
  • Does the solution provide a function for reconciling recorded data with other systems or records to ensure compliance with MiFID II?
  • Is your call recording solution compliant with the Digital Operational Resilience Act – DORA? 

Contact Us Today to Streamline Your Mobile Compliance Recording

If you have any questions regarding mobile compliance recording or need assistance in choosing the right mobile operator for your compliance recording needs, please don't hesitate to contact us.
