Consent via telephone recording?

Discussion in 'General Data Protection Regulation (GDPR) Forum' started by JonathanTNS, Feb 27, 2018.

  1. JonathanTNS

    JonathanTNS UKBF Newcomer Free Member

    Posts: 3 Likes: 0
    I have attended a couple of 30-minute to 1-hour webinars on GDPR, and the more I read, the less clear it becomes.

    I am confident that the services we use are all GDPR compliant, and in fact, all data is in the EU, and any third party I use has a GDPR policy already.

    Where it gets complex is on the data I hold to enable others to make contact. As a sort of sideline to the business, I run a small rather niche directory which allows end users to find and contact their relevant charity, either with masked details via a webform, or with their contact details out naked on the page for all to see - their choice.

    Trouble is, some of these organisations haven't updated their details for 5 years. Some trustees have moved/resigned/changed/died.

    I need a mass updated, purge, and re-opt-in. Believe it or not, over half of the charity trustees listed don't have email, either, nor do they respond well to letters.

    But I can easily rent and code up a freephone number which will ask people to enter a three digit ID, the charity details will be confirmed, then they clearly state their name and charity represented, saying whether they do or don't consent to the data being retained for the purposes of the directory.

    This will be recorded, along with the message requesting consent, along with the caller ID, date, time, and ID entered. This will be introduced to them by a Docmail mailshot which will have the number to dial, as well as a "cut off and post" form.
    I will finally follow up any strays with a phone call in the final week before doomsday as a nudge.

    From what I can gather from both questions myself and others asked on the webinars, as well as info on the web, I THINK this "recording consent via phone" should be OK? But they also said to double check, so here I am.

    Posted: Feb 27, 2018 By: JonathanTNS Member since: Feb 27, 2018
  2. JonathanTNS

    JonathanTNS UKBF Newcomer Free Member

    Posts: 3 Likes: 0
    Followup-question (and a bump!):
    One of my services is a telephone service which stores the user's number in order to set their preferences/stop them needing to log in and so on.
    This is all the user's number is used for, and of course it doesn't provide me with any more information about them, but from what I understand, it still falls under GDPR.

    So I was thinking of, after May 28, callers would be greeted once with the following message:

    "Due to the new EU GDPR regulations, continuation of this call requires your one-off consent to store your telephone number to use many features of this service including localisations, setting of preferences and so on. You will now be asked whether you consent or not. If you do not consent,

    If they do not comply, then they will be treated as an anonymous call, and whenever they try to access personalised services, they will be reminded of this EU regulation and asked if they would like to opt back in.

    If you're wondering "why not just call the ICO and ask?", if anyone has tried it, let me know if you continued waiting beyond half an hour!
    Posted: Mar 14, 2018 at 11:20 AM By: JonathanTNS Member since: Feb 27, 2018