What You Need to Know About Contact Center Compliance

January 24, 2020

In our ever-connected world, data is everywhere. But having access to an ever-increasing amount of information has also led to a number of challenges. The possibility of data breaches, with their potentially disastrous consequences, is one increasingly important challenge that businesses need to face.

When you take into account the huge amount of customer data collected and stored on a daily basis in contact centers, it is not surprising to learn that data breaches are the single biggest risk factor in the contact center industry. And although there is no way to 100% guarantee you will avoid a data breach, with thorough preparation it is possible to mitigate the potential risks.

Below, we have compiled details of the most important contact center compliance legislation related to data security that you should be aware of.

Telephone bank card payments

These days most companies provide customers with the opportunity to make immediate online purchases. However, when it comes to paying online (especially in a post-GDPR world), data security is always a major concern – for both companies and customers.  

With that in mind, it’s vitally important for companies that provide real-time telephone-based payment solutions to ensure that the customer data they process while handling credit and debit card transactions is completely safe and secure, and in particular that it is handled in line with PCI DSS regulations.

The PCI DSS certificate, issued by the five largest credit and debit card issuers in the market (Visa, MasterCard, American Express, Discover and JCB), is one of the strictest security standards in the world, and applies to any organization that accepts credit and debit card payments. To be able to begin initiating real-time payments during phone calls, your company, or the outsourced call center you rely on, will need to be in possession of the PCI DSS certificate.

Having been the proud holders of the PCI DSS certificate for four consecutive years, we here at VCC Live can confirm that it is the ultimate proof of a solution’s success in keeping its business data safe and secure.


The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, is a regulation that contact centers have no choice but to comply with. Aiming to strengthen data protection across the EU, the regulation gives people more control over how organizations can use their personal data.

GDPR has brought major changes to the business world, and call centers, which usually deal with a huge volume of data, are no exception. It also introduced heavy penalties for organizations that fail to comply with the new legislation. 

This legislation requires contact centers to operate in accordance with strict rules, such as making sure customers can easily access their personal data and providing them with the right to be forgotten.

Even though GDPR is now in effect, many organizations are still trying to determine what their obligations are under the new rules (if you’re still unclear whether your call center is GDPR compliant or not, it’s time to check out our GDPR checklist).

Call recording

Call recording is a common call center practice, with most contact centers recording customer calls for security and training purposes. However, the correct handling and processing of recorded calls can cause (and indeed are causing) headaches for many businesses.

Voice files are considered personal data as they can include personal details, such as the caller’s name, address or financial information. As a result, call recording is classified as a form of ‘data processing’, and falls under the new rules covered by GDPR.

When it comes to call recording, the golden rule is that agents will need to specifically request permission from their customers to be able to record calls. Therefore, it is essential to ensure that your staff always pay special attention to obtaining consent from your customers.

In particular, contact centers should never assume that informing customers about call recording is enough to indicate consent. Instead, they need to directly ask customers for permission, while also telling them they can opt out of the call before the conversation continues.

Take away

As you can see, there are several important rules and regulations contact centers must abide by. And as new rules continue to appear every year, it’s best you always stay prepared by making your organization fully aware of the importance of data security.
