Call center data protection obligations

Call center data protection obligations:Do you know the obligations that a Call Center has in front of the data protection law? Below, we inform you of everything you need to have your company in order. Very important!

Any company that owns a call center must comply with a series of obligations previously established by the LOPD (Organic Law on Data Protection) and by the RGPD (General Data Protection Regulation) referring to the protection of the data of individuals.

First of all, we must explain what a call center or virtual switchboard is:  

“It is a call center managed, normally, by telemarketing agents who make calls (outbound calls) to customers to offer them a service via telephone, they can also receive calls from customers to get information or hire the services of the company.”  

In a call center, incoming calls are just as important as outgoing calls, but even more important is the security of data protection for customers called by agents.

For that reason, we are going to focus on explaining what are the obligations that companies that own a call center have regarding the data protection of the customers they call.  


Why is it important to comply with the data protection law?

Adequate compliance with the data protection law in a call center or switchboard is essential, mainly to avoid disciplinary and/or economic sanctions against the company.

We must remember that this law tries to ensure the security of the personal data of customers (name, surname, ID, telephone, email, address, bank details, …), both current and potential customers of our business.

It must be taken into account that switchboards are installed in businesses of all types of sectors, therefore, the situations that they deal with can also be very diverse:

  • Complaints that can be used in courts or consumer bodies such as the OCU.
  • Collect data for the processing of a contract.

Whenever we encounter more than one situation where the request of personal data from customers is necessary, the company is obliged to make a voice recording of the call. REMEMBER, before recording the call, you must have the customer’s consent.  


What should I do to comply with the LOPD and the RGPD in my company?

  1. Register the processing of the activities to be carried out in the official register.
  2. Analyze the risk of the treatments that are developed in the company.
  3. Perform a data protection impact assessment of the data being handled (is it high, medium or low).
    • High: are data on ideology, health, sex life, race, relating to gender-based violence and beliefs.
    • Medium: data capable of assessing the client’s personality characteristics.
    • Basic: are identifying data such as name, surname, NIF, e-mail, telephone, …
  4. To draw up a security document that contemplates the necessary security measures to protect customer data.
  5. Have a contract of access to databases for third parties who request it for the processing of customers’ personal data.
  6. Have a confidentiality contract for the data with which the company’s employees work.
  7. Have legal texts available to customers on the company’s website.
  8. Have legal texts available to customers.
  9. Provide in the company access to the ARCO rights (Access, Rectification, Cancellation and Opposition) available to all interested customers. You should always inform who and for what purpose the data will be used.
  10. To have video surveillance cameras in the company with informative signs.
  11. Having the express consent of customers for the processing of their personal data.

  Call center data protection obligations  

Why does a call center perform voice recording?

With respect to GDPR in a call center, the law justifies the recording of customer calls if it is done for reasons such as:

  1. Customers called by the agents have given their consent to be recorded.
  2. If a voice recording is necessary for the completion and fulfillment of a contract.
  3. When it is necessary to comply with any requirement established by law.
  4. To protect the interests of the clients during the conversation.
  5. When the recording is necessary to protect the interests of the clients during the conversation.
  6. Made for the legitimate interest of the recorder, provided that it does not violate the fundamental rights of the customer being recorded.


What are the obligations of a Call Center regarding call recording? 

These voice recordings must be available to the customer at all times. According to the Spanish Data Protection Agency (AEPD), every customer has the right to demand the recordings from the telephone operators or, failing that, the transcription of the recording.

For this reason, it is essential that companies have a computer system that allows voice recording of outgoing calls and find them at any time to download and make them available to the customer or delete them. We have a telemarketing software that allows companies to perform all these functions according to the data protection treatment established by the LOPD and the RGPD.

Perhaps you are interested in having in your business a call center adapted to the needs of your company and that complies with the obligations established by the data protection law. In that case, you may be interested in reading about how you can set up your call center or how it can make you sell more.

If, on the other hand, you already have a virtual PBX and you want to improve it and adapt it to the regulations, do not hesitate to contact us, we will be happy to assist you without obligation. We hope this article has been very useful and that your PBX complies with the obligations established by the state in terms of data protection.

(Votos: 0 )
Por: Nati CaballeroPublicado el: 12 de mayo de 2022