On May 25, 2018, the General Data Protection Regulation (GDPR) of the European Union took effect. The GDPR unifies data protection for all individuals in the member states of the European Union and gives EU citizens unconditional control of their personal data.
ASC, your partner for legally compliant recording, helps you to successfully fulfill the requirements that the EU GDPR brings for your recording solution. It is especially important to have the following topics at the focus:
The data subject’s active consent to the processing of his or her personal data:
Callers have to actively consent to being recorded while at the same time it is mandatory for companies to state the purpose of the recording.
The data subject has the right to request erasure of personal data:
How long recordings are archived depends on their purpose and callers should be informed about the duration. It is the responsibility of the company to delete the data after this period.
The data subject has a right to access personal data:
Customers as well as employees have to be granted (electronic) insight into the data stored about them. The company is responsible for providing this information without undue delay.
Right to be forgotten: “The data subject shall have the right to obtain from the controller the erasure of his or her personal data without delay ...” This implies that organizations have to delete personal data immediately upon request if the data is no longer required for the purpose stated in connection with the recording.
But be aware that this right does not interfere with legal obligations such as MiFID II!
Quick and easy access to recordings:
Stored data which can be used to identify a person must be easily retrievable and clearly distinguishable from the data of other persons.