Consent via telephone recording?

Discussion in 'General Data Protection Regulation (GDPR) Forum' started by JonathanTNS, Feb 27, 2018.

  1. JonathanTNS

    JonathanTNS UKBF Newcomer Free Member

    3 0
    I have attended a couple of 30-minute to 1-hour webinars on GDPR, and the more I read, the less clear it becomes.

    I am confident that the services we use are all GDPR compliant, and in fact, all data is in the EU, and any third party I use has a GDPR policy already.

    Where it gets complex is on the data I hold to enable others to make contact. As a sort of sideline to the business, I run a small rather niche directory which allows end users to find and contact their relevant charity, either with masked details via a webform, or with their contact details out naked on the page for all to see - their choice.

    Trouble is, some of these organisations haven't updated their details for 5 years. Some trustees have moved/resigned/changed/died.

    I need a mass updated, purge, and re-opt-in. Believe it or not, over half of the charity trustees listed don't have email, either, nor do they respond well to letters.

    But I can easily rent and code up a freephone number which will ask people to enter a three digit ID, the charity details will be confirmed, then they clearly state their name and charity represented, saying whether they do or don't consent to the data being retained for the purposes of the directory.

    This will be recorded, along with the message requesting consent, along with the caller ID, date, time, and ID entered. This will be introduced to them by a Docmail mailshot which will have the number to dial, as well as a "cut off and post" form.
    I will finally follow up any strays with a phone call in the final week before doomsday as a nudge.

    From what I can gather from both questions myself and others asked on the webinars, as well as info on the web, I THINK this "recording consent via phone" should be OK? But they also said to double check, so here I am.

    Posted: Feb 27, 2018 By: JonathanTNS Member since: Feb 27, 2018
  2. JonathanTNS

    JonathanTNS UKBF Newcomer Free Member

    3 0
    Followup-question (and a bump!):
    One of my services is a telephone service which stores the user's number in order to set their preferences/stop them needing to log in and so on.
    This is all the user's number is used for, and of course it doesn't provide me with any more information about them, but from what I understand, it still falls under GDPR.

    So I was thinking of, after May 28, callers would be greeted once with the following message:

    "Due to the new EU GDPR regulations, continuation of this call requires your one-off consent to store your telephone number to use many features of this service including localisations, setting of preferences and so on. You will now be asked whether you consent or not. If you do not consent,

    If they do not comply, then they will be treated as an anonymous call, and whenever they try to access personalised services, they will be reminded of this EU regulation and asked if they would like to opt back in.

    If you're wondering "why not just call the ICO and ask?", if anyone has tried it, let me know if you continued waiting beyond half an hour!
    Posted: Mar 14, 2018 By: JonathanTNS Member since: Feb 27, 2018
  3. Keith Budden

    Keith Budden UKBF Contributor Full Member

    77 10
    Good news is the answer for both of you is Yes, you are correct in the course of action you are proposing to take.

    To answer Jonathan's point about the ICO hotline - while I know the answer to most points around GDPR, no one knows everything and I did have a particular scenario to ask the ICO about last week - I was on hold for just under 2 hours before anyone answered the phone - and as we get nearer to GDPR day on 25th May I suspect that is just going to get worse and worse.
    Posted: Mar 30, 2018 By: Keith Budden Member since: Mar 30, 2018