GDPR TXI solution Guide
GDPR has raised many questions with our partners and customers, this guide discusses how it correlates to the TXI solution. It is highly recommended to seek independent advice to ascertain your role within the supply chain.
Call Recording – Need for Consent
Call recording is now only lawful under the following circumstances.
The people involved in the call have given consent to be recorded
Recording is necessary for the fulfilment of a contract
Recording is necessary for fulfilling a legal requirement
Recording is necessary to protect the interests of one or more participants
Recording is in the public interest, or necessary for the exercise of official authority
Recording is in the legitimate interests of the recorder unless those interests are overridden by the interests of the participants in the call
Most organisations call recording will fall into category 1, you must now provide explicit consent for the call to be recorded. Whilst point 6 could be argued in a few situations, it has already been stated publicly that training and monitoring does not fall into point 6, therefore it falls into point 1. This is a significant change to the current DPA rules. We recommend that any inbound calls to a user on our platform that has call recording on provides a pre-announcement prompt to obtain consent. For example:
‘Please note that calls may be recorded for training and monitoring purposes, should you not wish your call to be recorded, please hang up now’
Customers making outbound calls from our platform that are recorded are more difficult. The company should ensure that a process is implemented to inform the person they are calling that they are being recorded and gain their consent. Best practise would be to include the fact that calls could be recorded to any communication medium.
Right to be forgotten – Call Recording
Should an end user invoke their right to be forgotten then the ramifications will be far deeper in other areas of the customers business. Eg removal from databases, CRM, documents. Our call recording solution offers a simple portal for a supervisor to search based on DDI and then erase any call recordings from that end user.
Right to be forgotten – Call Reporting
TXI/TVF must keep call logs due to its legal obligations as a telephony/utility provider, these supersede the GDPR legislation.
Right Of Access – Call Recording
Should a user request access to their recordings the portal is provided to share these with the end customer. This link maintains the integrity and security of the recording as it doesn’t leave the all recording platform and will expire in 24hrs of sending to the end user.
Right Of Access – Call Reporting
The end users have a right to know how their data is being processed and can request access to their personal data. TXI provide portals to the group administrators, this could either be the partner admin or end user admin as appropriate. The admin can run reports on DDIs and demonstrate the activity to the end user.
Controllers and Processors
The GDPR applies to ‘controllers’ and ‘processors’.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
TVF are the processor of the data. Having already built a highly secure and resilient platform for processing customer data, the role of the platform doesn’t change under GDPR.
The controllers are the end customers during their usage of the service. Our resellers however will act as controllers during the onboarding as they will have to handle the customer data during this period.
For a wide understanding of GDPR of you and your customers responsibilities further information can be found here.