GDPR

#1
Just like the cookie law or indeed most pieces of EU legislation surrounding technology, the GDPR regulations coming into effect on 28th May are poorly thought out, costly to implement and solve a largely non-existent problem.

My question is, do you know how it affects records kept, like incoming caller numbers in the Voipfone control panel? I have been told I need to have a policy which states that all companies which supply data to me (like Voipfone) need to have their own GDPR policy.

Yeah, I know. Nightmare, eh?

My service relies on the caller's number in order to set their preferences/stop them needing to log in and so on.
This is all the user's number is used for, and of course it doesn't provide me with any more information about them, but from what I understand, it still falls under GDPR.

So I was thinking of, after May 28, callers would be greeted once with the following message:

"Due to the new EU GDPR regulations, continuation of this call requires your one-off consent to store your telephone number to use many features of this service including localisations, setting of preferences and so on. You will now be asked whether you consent or not. If you do not consent,

If they do not comply, then they will be treated as an anonymous call, and whenever they try to access personalised services, they will be reminded of this EU regulation and asked if they would like to opt back in.

From having attended several webinars (some live but with too many questions to answer all including mine) and with my mind completely boggled now, does this seem a reasonable approach?

(If you're wondering "why not just call the ICO and ask?", if anyone has tried it, let me know if you continued waiting beyond half an hour!)

Re: GDPR

#2
There's a lot of confusion surrounding GDPR and also a lot of scaremongering by companies looking to make a quick buck. One of the basic principles of GDPR is that, it is concerning data that an end user gives you.

The caller ID when someone calls you, is not supplied by the end user but instead by their Communications Provider, so GDPR does not apply. There is a regulation that does apply and that is called PECR (Privacy and Electronic Communications Regulations) and to summarise, that says that a Communications Provider must give their customer an easy and simple way to withhold their caller ID when calling out and therefore, if the customer does not withhold their number, they are consenting to you using their number.

So you do not need to explicitly get their consent during the call with IVR options.

Regarding, needing your suppliers to have GDPR policies, firstly GDPR doesn't apply to caller IDs and call data, so this wouldn't apply to Voipfone. Yes, Voipfone like all companies, will have to be compliant themselves, but that doesn't have anything to do with yourself.

For other suppliers, where GDPR data is concerned and you have formalised contracts with the supplier on a non-adhoc basis, for example you sell chocolate chip cookies over the internet and your customer's order details (name, address etc) are piped through to your courier to arrange delivery, would require you to have amendments (or side letters) to your contracts, drawn up, specifying your obligations as the Data Controller and their obligations as the Data Processor under GDPR.

Who is online

Users browsing this forum: No registered users and 1 guest

Copyright 2004 - 2017, iNet Telecoms® Ltd. All rights reserved.