This article is intended to share best practices on how companies are maintaining a call recording program for training purposes while also staying GDPR compliant. Though we have a deep expertise in the area, you should always consult your legal team before making a decision about call recording.
The effects of GDPR are everywhere–your inbox, across the web, and even in your CRM. The general consensus is that it’s better to err on the side of caution when it comes to GDPR regulations, or run the risk of losing up to 4% of worldwide annual turnover or €20 million, whichever is greater. That’s nearly $23.5 million.
What Exactly is GDPR?
GDPR stands for General Data Protection Regulation, and it was created to provide EU citizens with more control over their personal data. This includes the assurance that their data is protected, regardless of where it’s stored.
It includes your typical CRM fields like name, email, and phone number plus things like interests, and even social media posts. To be clear, GDPR does not render sales teams incapable of digging up or collecting this data. Instead, it’s focused on the use and storage of that data.
Call Recordings & GDPR
GDPR applies to businesses established in the EU, companies selling into the EU (although this is a grey area), and companies “monitoring” persons in the EU. Monitoring has been defined as tracking a person on the internet with the goal of making decisions or predicting preferences, behaviors and attitudes (See Id. Recital (24)).
If your data processing takes the form of recorded calls to prospects and customers in the EU, it does not appear to constitute monitoring. It’s too soon to know with certainty whether or not call recordings are a form a monitoring, because it is not explicitly stated in the GDPR nor has a precedent been set by EU courts.
Get the recording requirements for GDPR compliance! Download this free infographic »
GDPR-Compliant Call Recording
Even if your intent is to use call recordings for internal training and coaching purposes, recording calls with individuals in the EU could potentially be interpreted as monitoring. Because of this, most companies with operations in the EU or recording calls placed into the EU are adopting one of these business policies:
Establishing Consent
GDPR stipulates that data from a person in the EU can only be processed for six lawful reasons. One of these lawful reasons is consent, which requires you to get the data directly from the individual. In the instance of call recording, sales reps can open the call with “This is Steve Richard on a recorded line. The purpose of my call is…”
For organizations that do outbound, unscheduled calls, this notification of recording may negatively impact conversation rates. In this case, they opt for another policy.
One-Sided Call Recording (Rep-Only Recording)
According to the General Counsel and Compliance Officers of several large companies, one-sided recordings do not contain any data from persons in the EU. Because you are only recording the rep and not the buyer or prospect, GDPR does not apply. Many big, risk-averse companies are using technology to record just what the reps say as a way to be compliant.
One-sided call recording has its drawbacks. They are not nearly as helpful as two-sided recordings for sales leaders to train and coach their reps. Sales results are ultimately driven by the behaviors of the reps. One-sided recording allows you to inspect those rep behaviors with ease, regardless of where the call was placed into. There is a lot of debate around this in states like Maryland and California, but that shouldn’t stop you.
Get Consent from Your Reps in Writing
The preceding policies apply to the buyer, but companies also need to consider their employees’ data. Even if you operate outside of the EU, it’s an HR best practice to have all of your reps sign an “Employee Telephone Monitoring Policy”.
This sample Employee Telephone Monitoring Policy follows policy guidelines from the Society of Human Resource Managers (SHRM). You’ll need to meet individually with each existing rep first to explain that call recording is for the purposes of coaching first, then have them each sign the document. After this first wave, include the document in your new hire paperwork.
For reps who are unwilling to provide consent, there is technology that allows your call recording system admins to simply not record their extensions. This is GDPR compliant for EU-based individuals who do not consent to being recorded.
Ultimately, having a positive and productive sales coaching culture is the best way to ensure 100% of your reps opt-in to the call recording program.
The GDPR is comprehensive and expansive legislation and as such, this article does not comprise legal advice. Consult your legal department to discuss any current or future call recording programs in any country.