Study Reveals Contact Centres Unprepared for GDPR

Aeriandi study reveals contact centres woefully unprepared for General Data Protection Regulation (GDPR)

Less than one fifth feel prepared, 60% still need to make changes and 5% are not prepared at all

A new study by voice security services company, Aeriandi, reveals that many UK contact centres still have significant preparation to complete ahead of 25th May, the ‘go-live’ date for the EU’s General Data Protection Regulation (GDPR).

The study, carried out at the Call & Contact Centre Expo in London in March 2018, shows surprisingly low levels of awareness of the regulation itself, and that the number of contact centres on course to comply with the new regulations ahead of, or by, the deadline is low.

Key findings include:

–  Almost one quarter (24%) do not know what GDPR is.
– Over half (60%) still need to make changes and 5% are not prepared at all. Only 19% of respondents are prepared.
– 70% are aware how GDPR will impact the contact centre, but are not confident they know how.
– Less than one third (29%) feel confident they completely understand how GDPR will impact the contact centre.
– Less than one third (32%) of respondents say they definitely can deliver GDPR subject access requests (SAR).
– Low awareness levels of how GDPR will impact call recording

Contact centres, particularly those that store call recordings, manage a wealth of personal information. The new regulation covers any data that can be used to identify a person – either on its own or in tandem with other data. Any call recordings stored by contact centres will fall under GDPR.


– 68% of respondents are not confident they understand how GDPR will impact call recording in the contact centre.
– 6% do not think it will impact call recording in the contact centre at all.
– Only around one quarter (26%) are confident they understand how the new regulation will impact call recording in the contact centre.
Access rights have the potential to delay compliance

Known as Subject Access Rights (SARS), the new regulation will give individuals the right to make reasonable requests to access their personal data, as well as the right to request any of their personal call data be erased. This will place more stringent requirements on the storage and back up of customer voice recordings.


– More than a quarter of respondents – 28% – stated they are not confident their contact centre can deliver on SARs that meet GDPR requirements.
– 46% either don’t know, or are not confident their contact centre can deliver on SARs.

Matthew Bryars, co-founder and CEO at Aeriandi, commented:

“Organisations need to identify the areas where they are yet compliant and create a plan of action.

Contact centres will require a technology approach to meet the challenges effectively. The time to act is now.”



Additional Information

Aeriandi’s comprehensive voice security solutions deliver complete protection from the start to the end of every call. Whether PCI DSS, MiFID II, Dodd Frank, FCA or other, compliance can be complicated and expensive to attain and maintain. This is where Aeriandi can help.

Founded in 2002, its award-winning secure voice solutions are used by large corporates with highly complex infrastructures. Solutions include call recording, archiving, PCI phone payments, fraud detection, and speech analytics.

Aeriandi is the only hosted provider to process more than £1 billion in payments per year. Delivered 100% via the cloud, this offers faster deployment at lower cost with less business disruption. Its cloud infrastructure means all of Aeriandi’s solutions are fully scalable, flexible and easily adapted to the changing needs of its customers’ business.

For additional information on Aeriandi visit their Website

error: Content Protected