Blog / Security and compliance / Are you retaining voice data c…

Are you retaining voice data correctly?

Author: Sian Hunter
Published on August 25, 2020

Keeping compliant with data protection laws, such as the GDPR, PCI DSS, or information security standards like ISO 27001, requires not only securing data effectively, but also deleting the data when you no longer have a legitimate purpose to store it. With Unified Call Recording from Dubber, you can ensure that recorded calls comply with data retention periods, and are secured effectively. The latest update to be released to the Dubber platform includes the option to set a retention period for recordings, allowing companies to comply with data protection legislation more easily.

Why do I need data retention periods?

The retention period is the length of time you store customer and supplier records for business or compliance purposes before the data is deleted. Erasing data after it is no longer required is important as it reduces the risk of keeping unnecessary, inaccurate, or out of date information.

While the General Data Protection Regulation (GDPR) doesn’t set out any specific minimum or maximum periods for keeping customer and supplier data, it does state that you must keep data no longer than is necessary for the purpose you obtained it for.

If you process debit or credit card information, you may be subject to the Payment Card Industry Data Security Standard (PCI DSS).

Similarly, if you intend to comply with ISO 27001, the international standard that describes best practice for information security, you must take note of its requirements. These compliance requirements will dictate what information must be included in your information security policy and the rules you should follow. A simple data retention policy will address: the types of information the policy covers, how long you are entitled to keep the information, and what you should do with data when you no longer have a legitimate purpose to store it.

What are data retention best practices?

  • You must not keep personal data for longer than necessary
  • You need to be able to justify how long you store personal data. This will depend on why you are storing the data
  • You should have a data retention policy that sets standard retention periods, in order to comply with documentation requirements
  • You should periodically review the data you hold, and delete or anonymise it when no longer required
  • In some jurisdictions, individuals have a right to erasure and you should be ready to delete data on request
  • Personal data should only be retained for longer periods if it is for public interest archiving, scientific or historical research, or statistical purposes

How do I set a data retention period?

Data protection regulations around the world require enterprises to ensure that personal data from their consumers is deleted after a specified period. These requirements will vary by region and industry. With retention periods, businesses can customise their plan so that recordings are deleted according to their exact compliance needs. Retention periods can be altered as required so that organisations can adapt to changing regulations.

While your voice data is stored within the Dubber platform, you can be sure that the security measures will protect against any data breaches. The platform offers a level of encryption and reliability not seen in on-premise storage, with significantly reduced risk of damage, theft, or tampering. Alternative approaches to call recording such as in-app recording means a lack of control over who has recorded calls, where they are stored, and who has access to the voice data. Enterprises must ensure that their information security policy protects against this kind of risky behaviour.

What about complying with financial services regulations?

Legislation such as MiFID II in the EU requires financial services organisations to record calls containing financial advice, but these must be deleted after 5 or 7 years, depending on the country. With the new retention periods feature, financial institutions can set a maximum length of time for recorded calls to be stored within the Dubber platform. Once this period has been reached, these recordings and their associated AI data will automatically be deleted.

Do I need a special plan?

Retention periods are available as standard on our Call Dub and Dubber AI plans, at no additional cost, and are enabled as default within account settings. These services are both all inclusive, with a full range of recording features and unlimited storage, retention and minutes per month: ensuring no worries about running out of space. Dubber AI comes with added voice AI functionality, including transcription, sentiment and tone analysis, and customisable automated alerts.

To find out more about how Dubber’s Unified Call Recording is helping businesses meet their compliance requirements, click here to chat to one of our team.

Related articles



Dubber Unified Call Recording and Voice AI is now available for Microsoft Teams globally.

Dubber call recording article: Four ways resellers can differentiate themselves in every Microsoft Teams deal today.

Four ways resellers can differentiate themselves in every Microsoft Teams deal today.

Dubber is now available to automatically record every conversation on Microsoft Teams and can be turned on with a click.

Dubber call recording article: Do more with every call on Cisco

Do more with every call on Cisco

Cisco customers across their Webex® Calling, UCM-C, HCS, and CUCM services can unlock voice data with call recording from Dubber.

Have any questions?

If you have any questions regarding this blog article or anything you have read on the Dubber website, be sure to get in touch with our friendly sales team

Contact us today