If you’ve been following our team online, you would have noticed that we’ve been focused on GDPR for quite some time now. We created the GDPR hub, compiled a list of tools available to our users, published a comprehensive guide on our blog, assembled a whitepaper on call tracking and the GDPR, and even recorded a live webinar about the GPDR with a few experts.
What is the GDPR, and why are we concerned?
Well, the GDPR (General Data Protection Regulation) is a new regulation that goes into effect on May 25, 2018. It was passed by lawmakers to create a consistent data privacy law across the European Union. Basically, the GDPR is meant to strengthen the idea that privacy is a basic human right. It requires businesses that handle personal data to collect and manage that data responsibly, and essentially passes control of personal data back to the users themselves.
CallTrackingMetrics may be based in the United States, but we serve many European customers, so we are fully committed to ensuring our compliance with the GDPR. In this week’s special edition of Ask an Expert, we sat down with senior engineer Bob Graw to learn how businesses can prepare themselves and their customers for this new data landscape.
Bob, what security measures should business owners take to ensure they’re prepared for GDPR?
The GDPR requires businesses to update their policies regarding the collection of data of EU citizens and residents. But, just switching some features on and other features off will not make you compliant. If you are currently collecting information that is not strictly required for you to conduct your business, then you will need to stop collecting that information.
For example, you can no longer get away with having a blanket consent policy for data collection. To be compliant with GDPR regulations, you have to specifically ask for consent to collect different types of information.
If you’re wondering about security measures related to CallTrackingMetrics and the GDPR, you should head to our GDPR hub, where we’ve compiled a few resources regarding the GDPR, and explain what you need to do in order to maintain compliance within our platform. We also have a checklist that provides guidelines about features you may need to adjust in order to maintain compliance.
To what extent will this impact a business if it’s not located in the European Union?
Well, it’s true that GDPR strictly concerns citizens and residents of the European Union. But, if you’re collecting or processing data related to a resident or citizen of the EU, then it doesn’t matter where your business is located. Even if your business is located in the United States, if it interacts in any way with an EU citizen or resident, then you need to be in compliance with the GDPR. Of course, when we refer to EU citizens, we’re also referring to citizens of the United Kingdom for as long as they remain members of the EU.
What tools does CallTrackingMetrics offer to help their users ensure compliance?
The major tool we provide in our marketing plans is the ability to redact call information. If the agency enables redacting calls, then accounts will have the ability to redact a single call or caller from the call log. They will also have an option to automatically redact calls automatically after 1, 30, 60, or 90 days.
Redaction is a great tool because while it may retain the the fact that a call has occurred, it still removes all data about the caller, including the phone number, any caller ID information, the call recording, and even web visitor information, like an IP address.