Call Recording Faces GDPR, MiFID II and AI Challenges

“…call recording needs to be user based rather than device based – David Dadds, VanillaIP

Today call recording is used just about everywhere. Driven to a large extent by compliance and now set for a greater degree of scrutiny by security regulations set for introduction this year the fact remains that call recording has a huge role to play within business.


Call recording has almost become a ‘must have’ these days as its use and application has widened considerably. In some markets, for example, blue light services, call recording is a mandatory requirement but it is in the commercial sector where the volume sales have occurred in the last 5 to 10 years.

There are many reasons for this. Prices have tumbled both relatively and in real terms as volumes rose and competition increased. As a result, call recording became a mainstream SME product instead of an enterprise level luxury.

More recently call recording has become a far more integrated application and is now a key component in UCaaS deployments.

Digital Transformations are also helping drive sales as Gavin Sweet at Simetric Telecom pointed out.

“Organisations want to eek more and more value out of the data contained in voice interactions – whether this is tracking brand, sales or people performance.”

Today the application faces many challenges in the form of regulatory compliance and security requirements and here we’ll examine how the introduction of the GDPR in May could affect how the application is used.

So, how will the GDPR affect the use of call recording applications?

Ian Bevington, Marketing Manager at Oak Innovation sees GDPR as an opportunity for organisations to review their data policy and proactivity evolve customer relationships.

“By investing in compliance, organisations can clean up their data and differentiate from those not activity embracing GDPR.

Organisations that record calls will need tighter control of their recording data together with the ability to remove data when required. As part of GDPR, the consumer now has a right to be forgotten. Many basic recording platforms don’t have the flexibility to remove client specific data.

During February, Oak innovation will be introducing a GDPR module with additional features and reports to help users manage GDPR compliance even more effectively.”

Andrew Fawcett, Product Manager at TeleWare, reminds us that GDPR supersedes the previous Data Protection Act (DPA) and stipulates for the first time the specific situations in which call recordings may be made, notably the following:

  1. Where individuals have given consent to be recorded (this consent cannot be assumed)
  2. Where recording is necessary for the fulfilment of a contract
  3. Where recording is necessary to satisfy legal requirements such as to maintain compliance with the MiFID II regulations which affect the financial sector
  4. Where recording is necessary to protect the interests of one or more participants
  5. Where recording is in the public interest (such as in the case of emergency services calls)
  6. Where recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call

What this means in practice for commercial organisations is the recording of calls will nearly always have to be undertaken with explicit consent. Whilst this is generally considered good business practice, GDPR adds weight in terms of heavy fines if this consent cannot be proven.

Simon Whatley, Sales Director at Tollring says his company advocates the importance of integrating call recording with analytics to maximise the understanding of customer interactions across the business.

“Companies can maximise customer intelligence by analysing inbound and outbound calls regularly to identify issues, improve performance and establish trends.

As analytics solutions make rapid advancements leveraging cloud technology, compliance will be better served. With the new MiFID II regulations now active and the GDPR deadline approaching, compliance is a hot topic for 2018, forcing call recording functionality changes and the introduction of the next generation of call recording solutions.

The clock is ticking on security compliance don't leave it until the last-minute

The clock is ticking on security compliance don’t leave it until the last-minute

Although compliance is a key focus, planned changes to call recording software in order to facilitate compliance will significantly enhance current products, adding, for example, better audit logging, call recording management and control. The next generation of call recording products will add further value to partner propositions and from a sales perspective will present an upsell opportunity for the channel.

We see the value of integration across an organisation’s wider business systems also becoming more important not only to assist in meeting compliance objectives, but to enhance an organisation’s customer experience and to help businesses realise value. Call recording will become more accessible via better integration by leveraging APIs. The Cloud is having a significant impact by making this possible and more affordable.

The next generation of call recording will be further enhanced by the adoption of AI services delivered via the Cloud. These services will enable exciting developments such as speech-to-text and sentiment analysis so that call recording and video content can be analysed more effectively. This will deliver a new level of business intelligence around customer interactions, facilitated by call recording content.”

Pete Ellis, Chief Revenue Officer at Red Box, says that call recording applications will play a crucial role in GDPR compliance, built into the data management policies and processes of an organisation.

Businesses will need to feel confident that the solution they are using can support them in the following areas:

  1. Capturing consent for recording – organisations will need to be a lot clearer on how they will be using or ‘processing’ recorded calls and data, but they will also need to ask for and keep a record of the fact that consent was explicitly given. There are also implications around conflicting regulations e.g. MiFID II, where recording is mandatory for compliance, and how consent works in these circumstances.
  2. Identifying an individual’s records – The GDPR widens the existing ‘right to be forgotten’ and individuals will be able to withdraw consent and request for their personal data to be deleted or ported elsewhere. As such, the ability to link communication data captured from different sources to an individual and to have the capability to export these records and associated metadata into data management tools, such as CRM systems, is key so that organisations can easily build a complete picture of the personal data held on file.
  3. The controlled ability to delete or port records if required
  4. Keeping records safe through controlled platform access, encryption and deployment options

Tom Maxwell, Head of Dealer Sales at Nimans, agrees with us when he says that call recording is not a ‘nice to have’ but a ‘must have’.

“The forthcoming GDPR legislation will pour more fuel onto sales fires – following on from MiFID II which came into force at the beginning of this year. But for me there’s still a lack of awareness in certain parts of the channel about how big the impact will be. We are only just scratching the surface as many businesses are still evaluating and establishing their own strategies moving forward. Companies selling at the very high end are aware of GDPR but I genuinely feel the market has not fully got to grips with all the ramifications.

Resellers should recommend call recording into any customer engaging environments. Businesses and their customers can be assured that best practice is being adhered to. However, there’s much more to call recording than just recording a call for legal purposes.”

What are the top three differences between SME and Mid-Market Solutions?

Pete Ellis at Red Box says the differences in the SME and Mid-Market solutions he delivers are driven by the complexity of customer requirements and budget.

“We have single user to enterprise solutions in place and find the main differences to be:

  • Solution architecture – for example, a Mid-Market solution may require multiple points of resilience, capture from multiple platforms and integrations with other systems such as CRM and analytics tools. That’s not to say there is never any complexity with an SMB solution but typically it’s more straightforward.
  • The best-fit reseller – a call recording solution sits alongside the wider telecoms and IT infrastructure and businesses typically look to work with resellers with expertise in their space and platforms. The geographic location of the reseller may also be important.
  • Commercials – cost of entry can be expensive for SMEs so vendors need to avoid tiered pricing structures and base licenses that penalise businesses with smaller user bases. They also need to be offering flexible pricing models that support scalability, such as inclusive bundles and concurrent licensing models, rather than a cost per user.

Ian Bevington at Oak Innovation takes a different view.

“The fundamental requirements are the same. Organisations of all sizes need to accurately capture, securely store and recover recordings.

In the SME market, the range of requirements tends to be narrower with one or two users involved in the buying process. In the mid-market, the scope may extend across multiple departments and sites with many more users involved. It’s important that each of their requirements is fully understood before proposing a solution.

Winning the sale is only part of the process. Project management, installation and support can stretch resources during busy periods, for example, as the MiFID II deadline approached towards the end of last year. A typical SME opportunity may involve a sales call, a remote or on-site demonstration and a day of installation with ongoing support is catered for remotely. In contrast, a mid-market sale may require numerous pre-and post-installation site visits. Potential clients should check that the vendor has the resources necessary to support them.

In the mid-market, integration with payment and customer relationship management systems is more common, sometimes led by the customer’s in-house resource utilising API’s and SDK’s and sometimes developed and deployed by the supplier.

Oak innovation has a range of CTI capabilities that enable integration of common payment and CRM systems to speed up call handling, meet compliance requirements and simplify record search and recovery.”

Simon Whatley, Sales Director at Tollring

Simon Whatley, Sales Director at Tollring

Simon Whatley at Tollring says that in the run up to the GDPR deadline, call recording software developers, like Tollring, will provide full details of how compliance can be facilitated in relation to their software.

“In the SME arena, it is important to note that although software ‘facilitates’ compliance it remains the case that correct usage of relevant functionality is key.

For mid-market companies, compliance requirements tend to be more formal and automated, for example PCI DSS compliance for card payments tends to involve more sophisticated solutions that allow customers to enter credit card details using their keypad and hence call recording solutions must be able to cater for DTMF suppression.

Essentially, it is more important than ever that channel partners fully understand the markets in which their customers operate, then they can offer advice on call recording best practice within each of those markets. End users will be relying on the channel to provide consolidated advice across their entire solution portfolio, relevant to their individual business.”

Apart from compliance necessity who else is really using mobile recording applications?

David Dadds, Managing Director at VanillaIP, whose call recording platform is MiFID II compliant, says the development of call recording solutions feels like it mirrors the development of the whole industry.

“Where once these were adjunct, siloed box solutions, call recording is now embedded within the overall cloud provisioning and billing portal. For resellers, call recording has been arguably the biggest upsell add-on, alongside mobility, and unifying these two services is the real opportunity for the channel.

Traditionally, we thought of out and out mobile workers needing mobile call recording but with cloud solutions now providing true ‘one number’ solutions, the call recording needs to be user based rather than device based. Personal routing options mean that for many users, half or more of their DDI calls are picked up remotely. Look at the number of voicemail messages that are being left; it has dropped around 80% from 10 years ago and the key reason for this is personal routing and ‘one number’.

For resellers, we think it is essential that all fixed IP and mobile calls are recorded but that access, and playback, is unified within the existing telecoms portal, with real-time recordings alongside the users’ voice and data calls across any device. Our Uboss portal can add call recording security levels, so that not only does an administrator must have permissions to access call recordings, but they must have the right level of permissions to access certain individual’s recordings. For example, a standard admin cannot access the CEO’s recordings.”

Tom Maxwell at Nimans reminds us that years ago it was very difficult to record mobile calls but that’s not the case anymore, as behaviours and technology has changed dramatically.

“The health sector is one of the most prevalent sectors particularly peer to peer communication. If more than half of calls are made via mobiles these days, this is a large sector that needs solutions in that field. Network providers rather than physical devices on individual devices is where the most progress has been made.”

Ed Says…

We live in very interesting times when it comes to call recording. Not only are we on the cusp of the introduction of wide ranging new data security regulation that comes with swinging penalties for non-compliance but also facing ‘a rise of the robots’ as AI applications seek to better mine the call recording data.

The following two tabs change content below.

David Dungay

Editor - Comms Business Magazine