Call recording GDPR compliance

or keep scrolling






Controlling and processing and maintaining records of recorded communications data will be a key consideration in your preparation for the GDPR, which takes e ect on 25th May 2018. Red Box gives you a set of tools to build into your data management processes, in full support of your compliance obligations.


GDPR aims to strengthen the rights of individuals and increases transparency around how their personal REC information is captured, stored and processed. Consent for recording individuals must be easy to give, simple to withdraw and must be explicit for sensitive data. Not only will organisations need to be a lot clearer on how they will be using or ‘processing’ recorded calls and data, but they will also need to ask for and keep a record of the fact that
consent was given.

The Red Box annotation feature enables a record to be tagged with the consent captured, which can then be tracked, audited and reported on. This can be done manually by the call handler through the Red Box Workstation Client, or automated via an integration with our API.

What if consent is not given?

Where an individual does not give consent for the conversation to be recorded, Red Box o ers the capability to suppress the audio or screen capture. This same technology is already used by many of our clients for PCI compliance purposes.


The GDPR widens the existing ‘right to be forgotten’ under the Data Protection Act and individuals will be able to withdraw consent and request for their personal data to
be deleted or ported elsewhere*. As such, the ability to link communication data captured from di erent sources to an individual is crucial so that an organisation can easily build a complete picture of the personal data held on file.

Red Box supports this process by:

Capturing everything

Audio can be captured from 50+ UC and telephony systems (including legacy, PBX and hosted), contact centre solutions, radio, mobile and trading systems, turrets, mobile and radio, as well as SMS, IM, screen capture and video.

Tagging records with unique identifiers

A wide range of rich metadata is automatically added to records at the point of capture. This can be enhanced through the addition of customisable fields and manual annotations.

Integrated search and replay capability

Find records easily within the Red Box Quantify Suite.

Single customer view

The ability to export records, including all metadata, to your CRM platform of choice.

Speech recognition

Highly accurate transcription of all audio conversations is available for 28 languages and growing. The text output can be imported into BI systems to search for personal information.

Deleting/porting of records

Record deletion capability is available and can be built into your data management processes.
We also enable the export of records.


Taking steps to prevent a data breach is not a new requirement of businesses but the fines associated with one will be significantly higher when the GDPR comes into force. Red Box supports an organisation’s data protection policies in several ways:

Controlled platform access

As well as the ability to set user profiles, logins can be managed through Active Directory Authentication.


Recordings are fully encrypted for additional peace of mind, wherever they are stored.

Deployment options

The Red Box solution can be deployed within an organisation’s infrastructure so that it’s subject to their full data access policies.


Organisations need to meet GDPR compliance obligations through embracing privacy by design. Technology will play a big part in this, alongside people and process, so selecting the right suppliers is crucial.

Red Box Recorders has been supporting customers with the secure capture of communications for 28 years. In recent years, a range of regulatory requirements have been a priority for our customers and we will continue to develop tools to make call recording compliance as easy as possible.

* The right to be forgotten must only be complied with if retention is no longer required (so if retention timeframes are stipulated for other regulations, such as MiFID II, this would still apply) or if the data is unlawfully collected in the first place. If permission was granted for the information to be collected this permission can be revoked at any time.

We'd love to hear from you and discuss how we can help you move forward todayContact Us