Call Tracking

Know what makes your phone ring and smartly route inbound calls.

Analytics Add-Ons

Form Tracking

Learn which ads, campaigns, or keywords inspire form submissions.

Conversation Intelligence

Automatically transcribe and analyze calls using the power of AI.

Communications Add-On

Lead Center

Call, text, chat, and manage your conversations from one unified inbox.

Pricing
Industries
Agencies

Know which tactics deliver your clients' best calls and form submissions.

Real Estate

Close more qualified buyers and renters with better marketing and communications.

Healthcare

Gain the insights you need to maintain the health of your marketing campaigns.

Legal Services

Stay competitive by making the most of your marketing dollars.

Home Services

Tighten up response times — and never miss another opportunity.

Automotive

Accelerate the ads, keywords, and campaigns that drive buyers to your showroom.

Financial Services

Know what inspired your best customers to act then attract more like them.

Resources
callrail marketing graphs
Content Hub

Market smarter by keeping up with emerging trends, tips, and tools.

Integrations

Deliver automated insights by connecting CallRail to platforms you already use.

Partnerships

Learn about our affiliate, marketing agency, and technology partnerships.

(888) 907-4718 Support
(888) 907-4718

Call tracking and GDPR: Here’s what marketers need to know

by Elliott Wood
May 8, 2018

Later this month, the European Union’s General Data Protection Regulation will go into effect. You’ve probably seen plenty of headlines about GDPR, which, in a nutshell, is a set of regulations on businesses designed to protect the privacy of EU citizens.

Perhaps you already have a general idea of how GDPR might impact your business. As you begin to dig deeper and look at all of the ways you attain customer data, you may have questions about GDPR’s impact on how you track calls.

In this article, we’ll outline how you can continue to use a call tracking software like CallRail while maintaining compliance with GDPR.

CallRail’s call tracking solution is GDPR compliant out of the box

Out of the box, CallRail is GDPR complaint. For the purposes of this post, there are two key identities to define under GDPR:

  • Data controllers: Defined as, “A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Most CallRail customers are data controllers.
  • Data processors: Defined as, “A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” CallRail is a data processor with relation to your customer’s personal data, and a controller with relation to the account holder’s data.

GDPR places the way a controller handles personal data under the microscope. Under GDPR, EU citizens have a set of rights related to how their data is handled, which we outlined in a recent post.

As a business handling personal data, the onus lies with you to clearly communicate what data you’re collecting on your customers and the purpose for which you’re collecting that data. As a tool, CallRail is GDPR compliant, because it legally transmits personal data to its customers –– the controllers.

Businesses must have a valid lawful basis in order to collect or process personal data. Most commonly for businesses, including CallRail, data is collected for a legitimate business reason: pursuing a legitimate interest without overriding the interests of the individual. Check the Information Commissioner’s Office breakdown of the six lawful bases for processing to check that your business complies.

Best practices for handling call tracking data and achieving GDPR compliance

CallRail has already been built in several ways that allow you to practice aboveboard control of personal data, from two-factor authentication support to end-to-end encryption of call recordings, transcriptions, and all other collected data. And of course, CallRail uses only first-party cookies (set on your domain, not ours), never uses your customer data for any other purpose, and never provides it to any other third parties without your consent.

Here are some tips for using CallRail and setting a high threshold for your handling of customer data:

  1. Turn on two-factor authentication to add an extra layer of security to your account. We explain how to do that in our two-factor support documentation.
  2. Don’t share login information. Only give CallRail access to trusted users in your organization. And remember, CallRail supports multiple users per account at no additional cost. Learn how to add users to your account.
  3. Be careful with how you’re using webhooks. If you’re sending customer data to another system, be mindful of what you’re storing and where it is being stored. At a minimum, you should ensure your webhook endpoints are configured to use encrypted transmission via HTTPS.
  4. You likely need to mention your collection of call data and use of cookies in your own privacy policy, and document your use of personal data under the intended lawful interest. You should consult your own legal counsel to determine how this may apply to your situation.

As always, we are here to help. Contact our privacy team at privacy@callrail.com for any customer data export, update or deletion request, or any additional questions related to GDPR compliance and call tracking.