GDPR – What About Legacy Data?

Ian Bevington, Marketing Manager at Oak Innovation, runs through the challenges of legacy data in the GDPR world

GDPR – What About Legacy Data?

Since the GDPR introduction in May 2018, businesses have scrambled to get their data and security processes in check. As we near the year anniversary, I spoke to Ian Bevington, Marketing Manager at Oak Innovation Limited, to get his take on what needs to happen, what businesses are doing and how UC technologies like call recording and data storage are helping both small businesses and the enterprise. Ian has a unique position where he wears two GDPR hats – Marketing Manager holding a lot of customer data and a software vendor with the aim of remedying GDPR and data concerns.


Ian said that decisions had to be made within Oak as to what data could be retained. “We took some sensible actions to reduce the level of risk and become compliant. We pretty much suspended demand generation and adopted a wait and see approach”.

“The devil is in the detail”

After a period of review and understanding, the view is no different to that of May. Almost a year on, Ian said GDPR and data regulations are about to reach a tipping point. “For existing active resellers and users – defined as those with a current support contract – we will continue as we were as there is a legitimate interest.” The legacy data can live on for active users – there doesn’t seem to be an issue here.

Legacy data

For existing “inactive” users – like those that have purchased a product or have had a previous support contract – it is a trickier proposition. Users that continue to use applications but are not subscribing to support or buying a monthly license pose a unique problem. Anyone that sells a one-off product is going to struggle to decipher whether or not there is still legitimate interest.

Ian referenced prairieFyre, the global provider of business analytics, contact centre, and optimisation software for the workforce, acquired by Mitel in 2013. “They could continue to monitor services despite not having active, paying customers”. This solved the problem of whether or not customers are still using the product – and more importantly, whether there is still legitimate interest.

How can Oak help?

As a supplier, Ian mentioned the process of consolidating data to easily manage and control. Call recording is a GDPR database of information. We spoke about whether businesses need to record calls in the first place. The GDPR argument is no, you don’t need to. But, for the purpose of brand protection and compliance in various industries like PCI compliance and MiFID II, the answer is very much yes.

“All businesses should be recording their calls”

“If you are following GDPR by the book, and regularly seeking consent to process data from either your client base or suspect base, we all know that doing this by email results in a low success rate”. Ian advocates that the primary mechanism should be via the phone – it is a far more successful way to gain consent. And the only way to prove it is with call recording. “The nicest way to achieve this is with CRM integration that pops up on an agent screen to prompt validation of consent to process data”.

It is clear that the guidelines around legacy data are blurred. Rather than run the risk of incorrectly storing legacy – or current – data, Oak provides call recording and call logging software to aid your GDPR concerns. To read more on GDPR and learn about dealing with legacy data, you can visit the Oak Innovation GDPR blog.

Got a comment?

1 Comment
Ian TaylorIan Taylor 09:03, 23 Jan 2019

An interesting thought – what about all the ‘old’ data held on record before GDPR came into effect. Some big names are starting to receive GDPR-related fines – hopefully giving smaller businesses time to get their data in order!

Reply to this comment

Please login to comment


Popular Posts

Related Articles