27th June 2018
I couldn’t believe it when I read the BBC article about the HMRC and 5.1 million audio signatures that may have been collected without consent, with the potential for HMRC to be the first big GDPR casualty.
HMRC is being investigated by the information Commissioners office after receiving complaints about its Voice ID scheme, used to manage personal taxes.
The General Data Protection Regulation (GDPR) came into force on May 25th, 2018. The law explicitly includes voice recordings in its list of requirements where explicit consent is needed before use.
Voice ID was launched by HMRC in January 2017. HMRC were responding to a Freedom of Information request from Big Brother Watch, the privacy advocacy group and suggested that the details were collected on ‘implied consent’.
The first Big GDPR Casualty?
Getting GDPR right seems to be difficult for any organisation no matter what their size. It’s a bit of catch 22 situation for HMRC, who brought in the technology after dreadful delays with call answering and a meltdown of phone services in recent years.
For micro and SME businesses GDPR can be particularly difficult to manage. IRIS FMP has developed a simple, cost effective GDPR HR toolkit to help smaller UK businesses start to comply with GDPR, and international companies making their first foray into Europe.
What’s certain is that GDPR is here to stay, and no one can ignore it. The ICO has reportedly lacked enforcement ability in the past, due to limited resources and legal constraint, but this new legislation gives them more power. Whether they decide to make HMRC their first big GDPR casualty remains to be seen.