Call Recording Laws UK: What Trade Businesses Need to Know

Call recording is one of the most useful tools a trade business can adopt. A customer disputes what was agreed? Check the recording. An engineer needs to hear the fault description? Play back the call. Office staff need to train on handling enquiries? Review real conversations.

But UK law is specific about when and how you can record calls. This guide covers what's legal, what's required, and how to stay compliant.

Is it legal to record calls in the UK?

Yes — with conditions.

The UK has two relevant pieces of legislation:

1. Regulation of Investigatory Powers Act 2000 (RIPA) — governs lawful interception of communications
2. UK GDPR and the Data Protection Act 2018 — governs how you process personal data (including call recordings)

Under RIPA, a business can record calls made to and from its own phones without the other party's consent for certain purposes. But UK GDPR adds requirements about how you handle, store, and inform people about those recordings.

The practical upshot: you can record calls, but you need to tell people you're doing it and have a lawful reason.

The six lawful bases under UK GDPR

To record a call legally, you need one of six lawful bases under UK GDPR. For trade businesses, the two most relevant are:

1. Legitimate interests (Article 6(1)(f))

You have a legitimate business interest in recording calls, and that interest isn't outweighed by the caller's privacy rights. This is the most commonly used basis for business call recording.

Examples of legitimate interests:

• Training and quality monitoring
• Dispute resolution (confirming what was agreed about a job)
• Regulatory compliance
• Evidence for debt recovery
• Protecting employees from abusive calls

You need to document your Legitimate Interest Assessment (LIA) — a record of why your interest in recording outweighs the individual's privacy. For most trade businesses, this is straightforward.

2. Consent (Article 6(1)(a))

The caller explicitly agrees to be recorded. This is the cleanest legal basis but has a catch: consent must be freely given, and the caller must be able to withdraw it. If someone says "don't record me," you must stop.

What you MUST do

1. Inform callers

UK GDPR requires transparency. Before recording starts, callers must be told:

• That the call is being (or may be) recorded
• Why you're recording (training, quality, dispute resolution)

How to do this: An automated message at the start of the call: "This call may be recorded for training and quality purposes." If you use an AI receptionist or IVR system, include it in the greeting.

For inbound calls, this is simple — your phone system plays the message. For outbound calls, your staff should verbally inform the person: "Just to let you know, this call is being recorded for quality and training purposes."

2. Include call recording in your privacy policy

Your website privacy policy must mention that you record calls and explain:

• What data you collect (call recordings)
• Why you collect it (your lawful basis — legitimate interests or consent)
• How long you keep recordings
• Who has access to them
• How someone can request access to or deletion of their recording

3. Keep recordings secure

Call recordings contain personal data. Under UK GDPR, you must:

• Store them securely (encrypted, access-controlled)
• Limit access to authorised staff only
• Not keep them longer than necessary (define a retention period — typically 6-12 months)
• Be able to find and delete a specific person's recordings if they make a Subject Access Request (SAR) or request deletion

4. Handle Subject Access Requests

Under UK GDPR, anyone can request a copy of their personal data — including call recordings. You have 30 days to respond. Your call recording system needs to be searchable by phone number or date to make this feasible.

What you DON'T need to do

You don't need explicit consent (in most cases)

If you're using legitimate interests as your lawful basis, you don't need the caller to say "yes, I agree." The automated message informing them is sufficient. If they continue the call after hearing the message, that's not consent — it's just transparency.

You don't need to record everything

You can choose which calls to record. Many businesses record all inbound calls but not internal calls. Some record only certain lines. The key is consistency and documentation.

You don't need to give callers an opt-out (if using legitimate interests)

Unlike consent, legitimate interests doesn't require an opt-out mechanism for individual calls. However, if someone objects to their data being processed, you must consider their objection under Article 21 of UK GDPR. In practice, if a caller says "don't record me" mid-call, it's best practice to stop recording.

Recording calls with employees

Recording calls where your own employees are one party has additional considerations:

• Inform employees that calls are recorded (this should be in their employment contract or staff handbook)
• Don't record personal calls (if employees use business phones for personal calls, have a policy)
• Use recordings fairly — don't use them as a gotcha for performance management without warning

The best approach: include call recording in your employment contract and staff handbook, explain the purpose, and make it clear which calls are recorded.

Recording calls with subcontractors

If your subcontractors call in to your main office number and that line is recorded, the same rules apply — inform them via the automated message. If you're providing subcontractors with phones or a company line that records, include it in your subcontractor agreement.

Practical setup for a trade business

Inbound calls (customer enquiries, callbacks, complaints)

1. Set up an automated greeting: "Thank you for calling [Your Business]. This call may be recorded for training and quality purposes."
2. All calls are recorded automatically after the greeting
3. Recordings are stored in your job management system, linked to the customer record
4. Retention: 12 months, then auto-delete

Outbound calls (following up quotes, chasing payments, arranging access)

1. Staff verbally inform the person: "Just to let you know, this call is being recorded."
2. If the person objects, stop recording (or don't start)
3. Recording is linked to the relevant job or customer record

AI receptionist calls

If you use an AI receptionist (like Muster's), the AI announces recording as part of its greeting. This covers the transparency requirement automatically. Recordings and transcripts are attached to the customer and job records.

Retention: how long to keep recordings

There's no specific legal requirement for how long to keep call recordings. UK GDPR says "no longer than necessary." In practice:

For most trade businesses, 12 months is a sensible default. After that, auto-delete unless there's an active dispute or debt.

Common mistakes

1. Recording without informing

This doesn't make the recording illegal per se (RIPA allows it), but it breaches UK GDPR transparency requirements. Always inform.

2. No privacy policy mention

If your privacy policy doesn't mention call recording, you're in breach of UK GDPR's transparency obligations. Update your privacy policy.

3. Keeping recordings forever

Indefinite storage without justification breaches UK GDPR's storage limitation principle. Set a retention period and stick to it.

4. No way to find specific recordings

If someone makes a Subject Access Request and you can't find their calls, you're in breach of UK GDPR. Your recording system must be searchable.

5. Using recordings inappropriately

Using a recording to embarrass a customer on social media, or sharing it outside your business without justification, breaches UK GDPR. Recordings are for the stated purposes only.

How Muster handles call recording compliance

Muster's call recording is built with UK GDPR compliance in mind:

• Automatic call announcement — every inbound call hears a recording notification
• Recordings linked to jobs and customers — searchable, findable for SARs
• AI transcription and summary — no need to listen to whole calls to find information
• Configurable retention — set your retention period, auto-delete after expiry
• Access controls — only authorised staff can access recordings
• Export capability — respond to Subject Access Requests with one click

Combined with the AI receptionist (every call answered, transcribed, and logged), call recording becomes a genuine business tool rather than a compliance burden.

No competitor in the UK trade software market offers built-in call recording with transcription. It's one of the features that only exists in Muster.

See it in action.