To fulfil the requirements in GDPR, EU General Data Protection Regulation act, a person must be able to give his or her consent, i.e. approval, to being recorded. The customer consent to recording can for incoming IVR calls be collected in the IVR. The consent is then passed on to ACE Recording where the consent governs if the call is recorded or not.
For situations where the customer is not asked for consent in the IVR and for call types where automatic collection of consent is not possible, e.g. callback calls, there is a default value for recording consent that is configured per organisation area via the parameter recordingConsentDefault. See System parameter tab Other.
The customer consent can normally only take two values:
- Yes - Consent given
- No - Consent declined
For organisations where calls must be recorded by law, e.g. financial institutions, there is also a third value:
- Consent not required
This value tells the system that the customer's consent is not required in order to record a call. For organisations where all calls must be recorded, best practise is to set parameter recordingConsentDefault to "Consent not required" and not collect and pass on any consent from the IVR.
The agent can not change the recording consent value. However, if this function is available the agent can record a call manually via recording on demand even if the end customer has not given consent to being recorded. This is essential in certain situations such as when a contract must be recorded for legal reasons or during a threat call. To make it transparent if the agent has overridden the customer's consent there are two contact data keys:
- recordingConsent - Contains the consent to being recorded
- recordingOnDemand - Set to "true" if the agent has started a recording of the call.
The keys are documented in the interface specification Appendix - Contact Data. If these keys are configured to be stored in statistics and Interaction View it is possible to view in hindsight why the call was recorded in spite of the customer's decline to being recorded. See Contact data, basic configuration. The keys should also be configured to be shown in the contact data view for the agent. See Configure Contact data for ACE Agent.
- In ACE Recording, the key Consent can be viewed and used in queries as one of several business data.
- There will be no calls with Consent set to the value "No". All calls with Consent set to "No" will automatically be deleted.
- Calls that have been recorded although no consent was given will have the Consent set to "agentOverride".
Also see GDPR for the administrator.