General Data Protection Regulation in Vonage Contact Center

From 25th May 2018, the General Data Protection Regulation (GDPR) takes effect in the European Union.

One aspect of GDPR is the 'right to be forgotten'. If one of your customers exerts their 'right to be forgotten', you will need to act on their request. Vonage Contact Center provides a Right to be Forgotten tool that anonymizes or removes personal data held in Vonage Contact Center, including call recordings and their related data, and voicemails. Vonage Contact Center also provides the ability to delete call recordings, associated comments and Conversation Analyzer data independently of other Vonage Contact Center data.

If you use Vonage Contact Center or Vonage Contact Center products in Salesforce, you can and must action any of your customers' requests in Salesforce yourself.

If you use Vonage Contact Center in non-Salesforce CRMs, you can and must action any of your customers' requests in the CRM yourself.

You are responsible for validating your customers' requests before you act on them.

If one of your agents or supervisors exerts one of their rights, you can access their data in Real Time or User Access sections with the VCC Admin Portal. 

If you want to exert one of your rights in relation to your own data held directly with Vonage Contact Center, send an email to request.information@vonage.com.

In this page

Right to be Forgotten

Vonage Contact Center now supports the ability for you to raise any 'right to be forgotten (RTBF)' requests made by your customers. This feature anonymizes or removes the personal data stored in VCC databases in a permanent, irrevocable, one-way change. This data includes call recordings and their related data, for example, transcriptions, and voicemails. The underlying data still supports your statistics in Vonage Contact Center but can no longer be tied to the customer who raised the request.

Records, containing personal data, that can be deleted are permanently removed.

Records, containing personal data, that cannot be deleted—for example, some records are required for correct reporting in Stats and Reports—have any personal data permanently anonymized. In such cases, the personal data is replaced with a token. The original personal data can never be retrieved from the token.

Data from third parties that is stored in data sources and then mapped to a single name (using Data Source Mappings), cannot be anonymized or deleted at this time.

Vonage Contact Center processes any requests within the bounds of your currently logged in account only, so if you have multiple accounts you may need to raise the request in each account to ensure complete coverage.

Only supervisors have the ability to raise RTBF requests.

For information about processing Right to be Forgotten requests, see Raising a Right to be Forgotten request for Vonage to process.

Audio and screen recordings and Conversation Analyzer data

You can delete your customers' personal data in Interaction Content. For information about how to delete recordings and Conversation Analyzer data, see Deleting interaction content. You can also delete this data using the Interaction Content API. For information about the Interaction Content API, see Interaction Content API.

Voicemails

You can delete customers' voicemails using the Interaction Content API. For information about the Interaction Content API, see Interaction Content API.

Personal data used by Vonage Contact Center in Salesforce

Depending on which Vonage Contact Center products you have installed in Salesforce, your customers' personal data can be in many different records and fields. For information about handling your customers' personal data when using Vonage Contact Center products in Salesforce, see Where to find personal data used by Vonage Contact Center in Salesforce.

Personal data used by Vonage Contact Center and ContactPad in CRMs other than Salesforce

Use the following information to protect your customers' personal data. Protect this data to comply with the General Data Protection Regulation (GDPR) requirements.

If you have installed Vonage Contact Center in a CRM other than Salesforce, your agents can use ContactPad to make and receive calls to and from your customers. ContactPad sends start and end messages for these calls to the CRM window in which ContactPad appears. If your CRM supports such messaging, it creates child records of your customer records to log these call activities. The child records relate to the customers that your agents dialed or the customers the agents received the calls from.

Child records contain the phone number dialed by the agent or from which the agent received the call. Depending on the standard fields your CRM provides, the child record contains the number in the subject field or a phone field. If agents can edit child records, they can add comments or notes that might contain personal information.

Integrating ContactPad in a non-Salesforce CRM does not add new fields to your CRM. You cannot install Connect or Advanced Reporting and Statistics in a CRM other than Salesforce.

Personal data in CRM Lite (legacy product)

If you use CRM Lite, you have full control over the fields in the system. If you store customers’ personal information in CRM Lite, you must consider this data in terms of GDPR.