How to protect the data in your tarot Pbx?

Benefits of protecting data in a tarot center

Beyond complying with the law - which is already important to avoid multas- taking care of your customers' data is taking care of your business.

In the tarot, the connection is vital. If your customers feel their most intimate information is safe with you, they will come back and recommend you. A data leak can destroy that trust forever.

Besides, your name and your service are your biggest asset. Imagine your brand being involved in a data mismanagement scandal, the result would be a stain on your reputation, because in the sector where you unfold discretion is gold.

And no less important, the Spanish Data Protection Agency (AEPD) you take privacy very seriously. Fines for non-compliance can reach up to EUR 20 million or 4% of your annual turnover.

To what extent are you responsible for your customers' data?

When you use a tarot phone center, the law sees you as responsible. What does this mean? That you are the one who decides why the data are collected: to give the service, billing, recording calls and how they are managed in the essential.

So, you have a responsibility for everything to be done right, fulfilling the General Data Protection Regulation (RGPD) and Law on the Protection of Personal Data and the Guarantee of Digital Rights.

This includes from asking for permission to making sure everything is protected.

What are your VoIP supplier's responsibilities for data protection?

The company that provides you with a secure centralite for tarotists and the VoIP service is responsible for making everything work well.

Your job is to treat the data following your instructions. Therefore, you have an obligation to choose a supplier that offers you sufficient guarantees. This means that they have proven experience and robust security systems.

The contract: the essential road map

The relationship with your supplier must be reflected in a contract. This contract is no longer a role, it is fundamental.

You should specify what the supplier will do with the data, what security measures it will apply, how it will help you if a customer exercises his rights, what happens if he subcontracts part of the service, and what will happen to the data when the contract is over.

Practical advice: You don't agree to a standard contract. Ask your provider for details about your safety, if you have certifications and make sure that the contract reflects the agreement well. Your tranquility depends on it!

What data does a tarot Virtual PBX handle?

You may think it's just the conversation, but there's actually more:

• Customer's phone number: the basic identifier. Your esoteric care platform probably records it.
• Call recordings: If you record the consultations, very careful with this!, the voice itself is already a personal fact. And, of course, everything that is said in it.
• Conversation content: Here's the delicate. In a tarot consultation, it's easy for intimate issues to come out.
• Billing data: Call number, duration, cost. Information required for the additional charging of 806.
• Technical data (Metadates): time of call, duration of waiting, Agent you attended, IP addresses if you use softphones.

Alert, the special data categories

This is where it gets serious. The RGPD protects certain data with special zeal because they are ultrasonic. These are the so-called "special categories" and are mentioned in Article 9 of the RGPD:

• Ethnic or racial origin.
• Political opinions.
• Religious or philosophical convictions.
• Trade union membership.
• Genetic data.
• Biometric data.
• Data relating to physical and mental health.
• Data on sexual life or sexual orientation.

Do they sound like you? It is almost impossible to have a deep tarot consultation without raising issues related to beliefs, health concerns or partner issues and relationships.

Treating these data is prohibited. You can only do this if you meet very strict conditions, the most common in your case being the explicit consent of the client. This has important legal implications as we will see now.

RGPD rules you must comply with if you use a Virtual PBX for tarot

The RGPD marks basic principles that you must always follow:

• Tough, loyal and transparent: try the data on a legal basis, be honest about what you do with them and explain it to your customers.
• Clear purposes: use the data only for what you said you needed (give the query, check, record if you were given permission for that...). Don't use them for other things.
• Correct data: Make sure the data is correct and update them if they change.
• Limited time: Don't save the data forever. Define how long you need them and wipe them safely later.
• For good care: protects data against unauthorized access, loss or destruction.

Get consent

If you'll record your calls tarot centraliteYou need your client's explicit consent. And since these calls are most likely to treat sensitive data, such consent must be clear and specific.

How to get it on a 806 call?

The mandatory initial location of 806 is not sufficient for the recording consent according to the RGPD. You need something else, a clear customer action after that location and before you start recording, for example:

• Option 1: press a key. "If you consent to the recording of this call for quality and safety purposes, press 1."
• Option 2: verbal confirmation. "To record this call in order to improve our service and have a search of the query, I need your consent. Do you agree?" And record your "Yes, I agree."

Technical and organizational measures to protect your Virtual PBX data

The RGPD (Article 32) requires you to put in place risk-appropriate security measures. Both you and your supplier of tarot centralite have to apply them. Here's your essential checklist:

• Always numbered: Make sure that both the call and the saved recordings are encrypted.
• Strong and unique passwords: No "123456" or "tarot"! Use complex and different passwords for each thing. Change those that come by default. If possible, activate multifactor authentication.
• Control of who agrees to what: Not everyone needs access to everything. Limit who can enter the panel or listen to recordings.
• Updates per day: keep up-to-date the software of the switchboard, phones and computers / mobile. The patches correct security holes.
• Firewalls: use well-configured firewalls, ideally understanding the VoIP traffic.
• Antivirus / Antimalware: have protection on all devices using the tarot service VoIP system.
• Security copies: make regular copies in case something fails.

How long to save the data?

You can't accumulate data for an indefinite time.

In the case of recordings there is no legal fixed time limit. You have to define a deadline. While billing data is usually stored between 4 and 6 years by law.

On the other hand, your telecommunications operator keeps certain technical data for 12 months by law.

Council: creates a written data retention policy. Define clear time limits for each type of data and purpose, and height.

What if I don't do it?

Ignoring data protection in esoteric services can be very expensive, from high fines to irreparable damage to your brand's reputation.

Fines

As we said, they can reach millions of euros or 4% of your annual global turnover for the most serious infringements. Serious infringements can be fined up to 10 million or 2%. Even the light ones can cost up to €40,000.

Damage to reputation

A penalty or data gap can sink your customers' confidence and damage your professional image in an irreversible way.

Protect data, protect your business

Use a tarot centralite for your 806 line is an excellent idea to professionalize and expand your business. But remember, trust is your most valuable asset.

Meeting data protection is not just avoiding fines, it is showing your customers that you take their privacy seriously and that they can trust you with their deepest concerns.

Remember this checklist always:

• Take your role: You're responsible, the final responsibility is yours.
• Choose your supplier well:Find a reliable one and sign a good contract.
• Express consent: essential if you record calls, and more with sensitive data!
• Maximum safety: figure, use strong passwords, update, form your team.
• Be transparent: inform your clients and respect their rights.
• Don't save data forever: defines and applies storage time.

Investing time and resources in protecting data on your phone service platform is investing in your customers' confidence and the future of your esoteric business. If you want a reliable supplier Contact us today.

Would you like to know more about Virtual PBX for your 806 line, read our article: Virtual PBX for tarot: what is, advantages and how to choose it There we explain everything you need to know!