MiFID II and GDPR Regulations

MiFID II and GDPR regulations which applies from January 3rd and May 25th 2018 respectively.

MiFID II

MiFID II is a new regulation of the European Parliament regarding Financial investor protection.
All entities should ensure a permanent, secure and undisputed phone communications record. Call via a fixed line, this way of communication can be recorded in the standard way.

Many calls are made via mobile phones.

How do our recorders comply?

  • Our Recording System allow you to play recorded calls according to the permission system.
  • Blacklisting – impossibility to record some contacts, supposing the information identifying this entity / branch / SIM is available.
  • SMS / MMS recording can be realized, assuming the interface definition.
  • Control of the archive filing.
  • You can sort / search (phone number, login / name of the employee, time, date, call duration …).
  • Calls are available in the archive for the entire time of their storage.
  • Stored records can be encrypted with a strong cipher.
  • Our system enables to delete the archive automatically.

GDPR in Recording systems

The GDPR is a new legal framework in the European area aimed at defending, against unauthorized treatment of personal data.

The GDPR applies to all entities/individuals that process user data.

The data generated during most communication is considered personal

How do we support GDPR processes (export, report, erasing of personal data)

  • Advanced logging of the data life cycle
  • Anonymization and data encryption
  • Integration into the third-party information systems
  • Customer Information Management Interface

What the GDPR brings?

  • Equal law enforcement throughout the EU.
  • Rights to oppose any processing of data,
  • Needs to be serious and demonstrable reasons for recording data.
  • Access to the data that is collected about him/her. & right to be forgotten.
  • Extending of the personal data definition. e-mails, IP addresses & cookies etc.
  • ‘Genetic and Biometric Data,’ are subject to strict rules.
  • Need to report a leak or threat of the personal data protection to the Office for Personal Data Protection, no later than 72 hours after the incident has been learned.
  • In some cases, the processor will also have to inform the persons whose data leaked.

Accountability that obligates regardless of their size or number of employees, to introduce technical, organizational and procedural measures to demonstrate compliance with the GDPR principles.