GDPR: Changing the ways businesses interact with their customers
Published: June 25, 2018
Author: admin

From 25 May 2018 the Data Protection Act 1998 (DPA) will be replaced by The General Data Protection Regulation (GDPR), and it will bring important changes to the ways data is stored and processed by businesses. The introduction of GDPR is designed to set clear rules for businesses to follow when collecting and storing personal data, it also allows everyone to understand their rights in relation to the information held about them. The new regulation was created as a reaction to increased internet usage and sales of personal information, allowing consumers more power over their personal data.

The new law will bring data protection in the UK in line with the rest of the UK and nothing (not even Brexit) will stop it – So it is best to start preparing now! Your business must have strong policies in place to avoid scrutiny and potential fines. This article will highlight some of the key elements of the GDPR, and the best practice for companies.

What are the new GDPR principles?

The general framework of GDPR is similar to DPA, and the level of compliance is dependent on how much, and the type of data collected. In essence – the more data collected and processed by your company, the more compliance is required under GDPR.

You must, however, still afford privacy protection, notification and consent and protect the information by secure storage, regardless of your business’s size. GDPR places a larger focus on protecting an individual’s rights about their data, therefore when companies collect and process the data, they must also justify the legality of it.

What is meant by ‘Data’?

An individual’s personal data can relate to their name and address, but can also include fingerprints, DNA, recorded calls, date of birth and now has become more stringent, including any information that can be traced back to a single person. All of this information will be covered and protected by the GDPR.

How does this affect recording phone calls? And how can I ensure I am doing this legally?

If you record phone calls you must fulfil any of the following conditions to ensure you are doing so legally:

  1. Receive consent from the individual(s) in the phone call to record.
  2. Justify the necessity of the recording, i.e. to fulfil a contract, or for legal requirements.
  3. It is necessary to protect the interests of one or more participants.
  4. The recording is in the public interest, or necessary for the exercise the official authority.
  5. It is in the interest of the recorder, only overridden if they conflict with the interest of the participant of the call.

When a business is using call recording to monitor customer service, they are still left to fulfil the first condition to be fully compliant. The fifth condition may also apply as it could be argued that staff quality assurance outweighs the interest of privacy.

So, what does this mean should you want to continue recording phone calls? Under the DPA, when a recording takes place the individual must be informed of the purpose and how the information will be processed. If the participant continued the call consent was assumed, and this was acceptable and common practice. The GDPR implements tighter regulations, meaning implied/assumed consent is no longer enough. There must be express consent given, either by recording verbal consent or having AI terminate the call if consent is not given.

Rights to Access Data Have Also Changed.

Individuals will now have absolute access to any information stored about them, and this will need to be identified, retrieved and provided to them upon request. Therefore, as a business you must implement a an efficient method of doing this upon request. In addition, should the individual request to have your details removed you must do so with immediate effect. Any policies that are put into place to ensure this is done must be co ordinated with your IT and call recording provider to ensure you can fulfil your claims.

Compliance

Business must be able to actively display their compliance to the new rules under the ‘Principle of Accountability.’ The GDPR stresses the importance of implementing data protection systems with immediate effect. Creating an extensive policy is not going to be useful if your staff and providers are not going to be able to fulfil the obligations. Having an honest and realistic policy will be most effective, and will be easier to demonstrate should you need to prove fulfilment.

In order to implement any policy effectively there are several steps that must be completed. Including, drafting policies and protocols, and training staff to make them fully aware of the new provisions followed by careful management and implementation.

Penalties

Along with the new policies implemented there are also new penalties designed to deter and punish organisations committing further breaches. Under the DPA, organisations could be fined up to £500,000. However, under the new GDPR fines can range from 2-4% of global turnover, depending on how severe the case was. These fines are designed to have a large impact on non-compliant companies, therefore it is important to act now.

By Karen Holden, Founder, A City Law Firm

Silenced by Fear: A Guide to Addressing Sexual Harassment from Those in Power

Introduction Sexual harassment can occur in many contexts, not just in the workplace. When the harasser is in a position of power—be it a manager, investor, joint venture partner, or any influential figure—it can create a climate of fear that discourages victims from...

From partners to rivals | Protecting your company using restrictive covenants

If a founder or shareholders or senior managers relationship sours, things can go wrong very quickly causing the company distraction and financial losses. This is compounded if on exit the departing individual seeks to poach clients or staff seeks to work with a...

Navigating Fashion’s Legal Landscape: Essential Guidance for Designers and Entrepreneurs

Introduction: Fashion Week is more than just runways and glamorous designs it's also a pivotal time for designers, entrepreneurs, and brands to reassess their legal strategies. As the fashion industry faces unique challenges heading into 2025, including new...

From Partners to Rivals: Protecting Your Company through restrictive covenants

Today, we’re tackling an issue that can make or break your business—restrictive covenants and their role in protecting your company during shareholder, director or staff disputes. We will touch on their importance, how these should be incorporated into your documents...

Protecting AI Innovations: Strategies and Guidelines – Part 2

As Artificial intelligence (AI) continues to evolve, its intersection with Intellectual Property (IP) law has become a crucial consideration for innovators. The UK Intellectual Property Office (IPO) has a set of detailed guidelines to evaluate if AI inventions are...

The Life of a Disruptive Lawyer: Innovating Legal Practice in Emerging Technologies ran by a Mum & Female Founder

In the staid and often stolid world of law, disruption is not a term often associated with the legal profession. Yet, at A City Law Firm , disruption is our modus operandi. From pioneering payment plans to engaging with cutting-edge technology, we have redefined what...

Protecting AI Innovations: Strategies and Guidelines – Part 1

As Artificial intelligence (AI) continues to evolve, its intersection with Intellectual Property (IP) law has become a crucial consideration for innovators. The UK Intellectual Property Office (IPO) has a set of detailed guidelines to evaluate if AI inventions are...

Tackling workplace toxicity

In today’s interconnected work environment, whether through face-to-face interactions, virtual meetings on Teams, or other communication platforms, issues such as derogatory comments, bad-mouthing employers and management, bullying and discrimination are prevalent....

Navigating the metaverse | Potential challenges for employers and employees in the UK

With the rapid advancement of technology, the concept of the metaverse is no longer confined to the realm of science fiction it is here. As virtual reality, augmented reality, and other immersive technologies converge, the metaverse is becoming increasingly tangible....

IP Licenses: When do you need one and what are the essential terms it must have?

As technology lawyers working in emerging technology, our biggest value is protecting and commercialising the founders IP The why ? In the fast-paced world of intellectual property (IP), safeguarding your creations is paramount. Whether you’re an inventor, artist, or...