As a business owner, you know the importance of communicating with your customers by phone. Whilst contacting clients by email is becoming more popular, there are times when telephone conversations remain crucial for your business. However, the General Data Protection Regulation (GDPR) and Data Protection Act limit what your organisation can and cannot do with phone calls. This article will explore the extent to which the GDPR sets limits to the carrying out and recording of telephone calls. This will provide your business with information on good practices to avoid a potential fine from the Information Commissioner’s Office (ICO).
The General Data Protection Regulation is in place to protect the personal information of individuals. Therefore, the GDPR applies to verbal or written communication which contains or records the personal data of others. It applies to all businesses, no matter their size or type. Therefore, it applies to sole traders and public limited companies.
The GDPR contains a broad definition of personal data, which includes:
The GDPR contains numerous principles, which include the following:
In summary, the GDPR encourages UK businesses to limit the collection of personal data, both verbally and in writing. It does so because this protects individuals by limiting the amount of personal information in the hands of others, which could be subject to data theft.
The Information Commissioner’s Office is an independent organisation with the primary purpose of enforcement of data protection rights against UK businesses. It operates by providing in-depth and practical digital guides to GDPR compliance on its website. Additionally, it issues hefty fines of up to £17.5m against UK businesses that fail to comply. The ICO generally does the latter after finding an organisation guilty of GDPR violation following a formal investigation.
As the GDPR covers the processing and recording of any personal information that could allow identification of an individual (known as ‘personally identifiable information’), it covers practically every customer telephone call. This is mainly the case when the call begins with security questions which, by their very nature, involve discussion of personal data.
Your business should therefore proceed with the belief that all telephone conversations with actual or potential customers come under the remit of the GDPR. It makes no difference if you make them from a landline or a business mobile. This means your organisation needs to avoid a breach of its legal requirements when handling sensitive information.
Carrying out the following actions will help your organisation stay in line with GDPR rules:
The GDPR also applies to verbal recordings alongside written documentation. This is particularly important with telephone conversations as most UK businesses tend to record them.
One of the most important things to get right is to inform the customer of any call recording, whether through an automated message or your operator, making this clear at the very start of the call. Any failure to do so is a likely breach of the GDPR, which the ICO will not tolerate.
The ICO is clear that the GDPR applies to personal information that could identify a living person. So any telephone conversation involving a discussion of an individual’s personal data (including initial security questions) comes under GDPR rules. Your business must, therefore, comply with the GDPR in relation to its business telephone calls to avoid the risk of an ICO fine for GDPR violation.
If you need help ensuring that your business telephone conversations comply with GDPR rules, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Yes, the ICO website confirms that the data processing requirements of the GDPR apply equally to all businesses, whether sole traders, SMEs or international companies.
Does it make any difference if I call a customer from my personal mobile?
No. The critical factor is whether the call relates to your business rather than the nature of the number used to call data subjects.