GDPR at CloudTalk
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens' data. CloudTalk is committed to supporting you in your journey to become GDPR compliant. Here's an overview of GDPR at CloudTalk and how we are preparing for it.
Trust is the #1 thing in the cloud. CloudTalk is committed to provide a secure solution and protect your privacy.
Is CloudTalk's call center solution GDPR compliant?
Yes, CloudTalk is currently GDPR compliant.
Additional security measures
CloudTalk encrypts all data sent via the website using the HTTPS protocol. CloudTalk also encrypts any sensitive information that is stored and salts and hashes passwords with latest algorithms. We only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. Calls made via our apps are also encrypted during the transfer from agents to CloudTalk.
Data hosting and storage
CloudTalk uses third-party data centers with industry-standard certifications (Tier III+ or IV, ISO 27001, PCI-DSS). All facilities include physical protection.
Failover and disaster recovery
CloudTalk was built with disaster recovery in mind. All of our infrastructure and data are spread across more availability zones and will continue to work if any one of those data centers fails.
Login restrictions - Set up a list of countries from which you and your agents can sign in to CloudTalk.
International Calls - Specify the list of countries from which your agents can call. We highly recommend including only those countries that you actually need. You can also set a maximum daily credit for each agent.
Use these settings to increase the security of your call center.
Every user should use his own account to access CloudTalk. Assign the right roles to each of them - administrator, analyst, agent.
All data send through CloudTalk REST API are encrypted by default (TLS/SSL only). API is restricted only for users with username and secure API tokens.
All employee contracts include a confidentiality agreement.
How can CloudTalk assist in your GDPR compliance efforts?
CloudTalk's call center solution provides customers lots of features that can assist to enhance your security and become GDPR compliant. It is never too early to start with GDPR and review your organization's security and data privacy practices. There are several ways in which CloudTalk can help you.
Delete contact: "Right to be forgotten" - You may delete contacts upon customers’ request at any time. Deleting a contact will remove all of its data except the calls themselves and call recordings. However, calls will no longer be assigned to a specific contact and can only be identified by using a phone number. You can also seamlessly delete the contact by using our API.
Delete call recording: When you need to delete your customer communication, you can do it by yourself. As soon as you delete the recording, it will be removed from all our services.
Access to recordings: You can set for each agent whether he can access the recordings and whether he can only play them or download them as well. With these setting you can improve the security of your data.
Audit Log: "Right of access" - Our new interface lets you see who accessed your data. You will be able to easily find out when and which data have accessed in CloudTalk and by whom.
Exporting your customer data: "Right of portability" - You can find your customers as "Contacts". You can easily export the entire history of communications with a particular customer to an Excel file. And, if necessary, provide it to the customer. You can also export data using the API.
Remove data from integrations: Sometimes you need to delete the data from the integration (e.g. specific orders) but keep other data at the same time. Simply use our API to automatically delete those items or delete individual records directly through the CloudTalk interface in contact details.
Do you have any questions?
Contact us at [email protected]