Call Recording, VoIP & GDPR

Written by Matthew Harris on 25th January 2018

Call Recording, VoIP, Hosted Switchboards & GDPR



If you have a regulatory or compliance need to safely record confidential calls and/or you just need a more flexible telecoms setup, we can help. You also need to be aware or the type of personal information that may be recorded and have appropriate data protection, processes/procedures and user training to make sure you are GDPR ready. 


Call Recording

Our system has a call recording mechanism which you can choose to apply on any or all of your telephone extensions.   You can also choose whether or not to record internal calls between extensions.  We store the call recordings on our customer management portal.  You decide which users are authorised to access the recordings.  You can play back the recordings on your computers or mobile devices.


Other benefits of a good phone system (above the standard stuff)

  • Treat special customers differently
  • Respond to callers with an automated greeting
  • Tell a caller how far up the queue they are
  • Block unwanted callers
  • Use your smartphone as a telephone extension
  • Out-of-hours call handling


Let’s have a look at some of the compliance requirements for recording calls (ie MiFID 2)

  • Document: Record all calls which will/may result in transactions
  • Notify: Notify the customer that the conversation is being recorded
  • Store: Store all communications for a minimum of five years
  • Retrieve upon request: Reproduce quickly and easily all communications leading up to a specific transaction or in a given time period



Here is an extract from the Information connissioners Office (ICO) regarding their Audio recording article:


The recording of audio can also provide an important permanent record of an event, for example, in a call centre or recording audio in addition to video as is possible with some CCTV systems. However, it can also be intrusive, as recognised in an enforcement notice issued in July 2012. The ICO’s CCTV code of practice offers additional guidance on the proportionality considerations of audio recording.

Data controllers must consider the security of lawful recordings and whether this can be achieved through the use of full-disk or file encryption products. However, some types of audio recording devices such as a dictation machines may not routinely offer encryption. The data controller must consider whether an alternative device is more appropriate or consider additional technical and organisational safeguards such as deleting the data as soon as practicable and locking the device away when not in use.

In the event that an unencrypted version of the recording should be retained (eg for playback in a Court of Law) then a range of other compensatory measures must be considered. These can include storage within a secure facility, limited and authorised access and an audit trail of ownership and usage.

The data controller must also consider the security of recordings once transferred from the device for long-term storage and be aware of other requirements which may prohibit audio recording of certain types of data. For example, the Payment Card Industry Data Security Standard prohibits the recording of card validation codes.


If you would like to discuss any of the points above, please call us on 023 92482556.



Many Thanks


Share this article

Facebook Twitter Linkedin

Have a question? Get in touch.

02392 482556

MDI Networks Limited

Ferryspeed Business Park, Limberline Road, Hilsea, Hampshire, PO3 5JT