API Community Support CTM Home
New Left Nav
Mobile
Activities
Activity Logs
Contacts
Flows
Automation
Chats
Forms
Routing
Release Videos
Release Notes
COVID-19
Integrations
Drift
ABTasty
Acquisio
AMP
Bing
Bizible
Cake
Facebook
Gong i.o
Google Ads
Google Analytics
Google Data Studio
Google Marketing Platform
Hubspot
Instapage
Kenshoo
Kissmetrics
Mailchimp
Marin Software
Marketo
Microsoft Dynamics
Optimizely
Oracle Maxymiser
Salesforce
SendGrid
Slack
SnapChat
Stripe
SugarCRM
Symplify
Unbounce
VWO
Wix.com
WordPress
Zapier
ZenDesk
ZOHO
General
Help Center
Numbers
Management
Dynamic Numbers
Reports
Analytics
Contact Center
Reports Delete
Usage
Report Settings
Settings
Account Management
Current Account
Contact Management
Parent/Agency
Configuration
Users
Softphone
Texts
Text Settings
Recorded Training
CTM Academy
On-Demand Videos
Upcoming Topical Webinars
Menu +

CallTrackingMetrics Tools for GDPR Compliance

GDPR is short for the General Data Protection Regulation that goes into effect on May 25, 2018. It was passed by the European lawmakers to create a consistent data privacy law across all the EU member states. Its purpose is to:

  • support privacy as a fundamental human right;
  • require companies that handle personal data to be accountable for managing that data appropriately; and
  • give individuals rights over how their personal data is processed or otherwise used.

Visit the CallTrackingMetrics blog and our GDPR hub for more information. If you need to comply with other regulations such as CCPA and PIPEDA, these recommended settings will also apply to you.


Recommended Tools and Settings

CallTrackingMetrics offers a number of tools and recommended configurations to help you comply with GDPR requirements.

  • Make sure each person you have logging into your CallTrackingMetrics account are using their own unique login for security and tracking purposes.
  • For added login security, enable two-factor authentication to ask for verification code on every login or every 30 days.
  • Require a user to login to listen to any call recording links.
  • Enable encryption for your audio recordings so they are encrypted in transit and at rest.
  • Consider turning off Caller ID if you do not need to collect the name or location of your callers.
  • If you expect sensitive information such as Social Security numbers or personal phone numbers to be exchanged, you should enable Secure Call Transcriptions which will automatically detect the presence of that information in your interactions and will redact them from your recordings and transcriptions. 
  • Enable automatic redaction features on your account
    • Redaction removes personal information from records of calls, texts, live chats and forms in your account.
    • Redaction can be configured to occur daily, every 30 days, every 60 days, or every 90 days.
  • If you don’t want to use automatic redaction, you can manually redact information from any of your interactions.
  • If you are using FormReactor, be sure to include language in the form that explains to people what will happen once they fill out the form, what you are doing with their information and use a checkbox to gain their consent to those next steps.
  • If using outbound text or call programs, be sure to keep your do not contact lists (for calls and texts) up to date based on the consent you have received and/or opt out requests that have come in.
  • You can edit a contact’s data as needed in your call log or text log.
  • To export data, you can use the export calls or export texts options.
  • If you are recording calls, you need to gain consent to be recorded or demonstrate lawful basis for recording. You can use features like voice prompts and IVR menu’s to gather consent.

Some things to avoid: 

  • Avoid configuring triggers, notifications, or exports that move call data out of CallTrackingMetrics into emails or text messages, as these modes of communication are not generally secure and CTM cannot control the security of those systems. If choosing to use any of these features to send personal data outside of CTM application, it is your responsibility to ensure security of the information once it leaves CTM.
  • CallTrackingMetrics recommends exporting any data through the API or through the use of the secure SFTP export option.
  • Be sure that “Enable Enhanced Caller ID” is in the off position. That is an optional service that collects demographic information for callers.
  • Do not assume that just announcing call recording is enough. You most likely need consent to be recorded.
X