The call center world is burdened by a large number of laws and regulations. Recently, the Telemarketing Code was changed, which in practice means that your paperwork becomes even bigger. What requirements must a call center meet in order to be compliant? We have listed all the rules for you.

The English verb ‘to comply’ means ‘to comply’ or ‘to comply’. In the customer contact world, the term ‘compliance’ is used for compliance with applicable laws and regulations. You are therefore compliant if your organization works in accordance with applicable laws and regulations and in accordance with the requirements set by the client or the guidelines of industry organizations.

In recent years quite a lot has changed in the laws and regulations for customer contact. For example, the General Data Protection Regulation (GDPR) privacy law has been in force in the European Union since 2008, the Telemarketing Code was amended in 2020 and the Telecommunications Act was amended on 1 July 2021.

Compliance and customer contact

Because this article focuses on customer contact, we will discuss the laws and regulations that directly apply to this customer contact. So we are talking about the AVG, Telemarketing Code and the Telecommunications Act.

We do not consider legislation and regulations that apply to the content of customer contact, such as the Financial Supervision Act, NMa Guidelines for the provision of information from energy suppliers to consumers, the Unfair Commercial Practices Act and the Distance Selling Act.


With customer contact you are in all cases dealing with personal data and you must therefore be compliant with the AVG. Customers (and other people you have contact with) can stand up for themselves under the GDPR when it comes to the processing of their data.

They have control over their data and what you do with it. Think of viewing stored data and revoking previously granted permission and even the right to be ‘forgotten’. The GDPR also states that your personal data must be properly secured.

GDPR compliant

To be compliant with the GDPR, you must map out which personal data you use and for what purpose. You may only process this personal data when you really need it and there is no other option. So there must be a good reason. You state this reason in the privacy statement. Make this privacy statement complete, easy to find and in plain language.

In addition, you will probably have to keep a processing register containing: which personal data you use, for what purpose, where you store it and with whom you share it. You must also properly record permission that you have received from people, you must be able to make an overview of all processed customer data and you must be able to anonymize data if requested.

As mentioned, you will also have to ensure that the personal data is properly secured and you must have a processing agreement with all parties that process personal data for your company.

Steam-connect helps to be GDPR compliant:

  • Steam-connect is ISO 9001 and ISO 27001 certified. ISO 27001 is the international standard of how to deal with information security.
  • You anonymize a person’s data in a few clicks, when a person asks for it.
  • You ensure that your customer data is safe because Steam-connect has the option to set a list of locations where you can login.
  • You can set per employee which permissions he or she has. In addition, a login grid is used, which means that there is no fixed password for the management environment.

Telecommunications Act and Code for Telemarketing

With outbound customer contact, not only the GDPR is important, but also the Telecommunications Act and the Code for Telemarketing. This law and code were amended in 2021 with the aim of reducing consumer irritation and protecting consumer interests.

Telecommunications Act

It is not allowed to just send unsolicited commercial e-mails, to approach people commercially by telephone or to place and read cookies. The Telecommunications Act lays down rules for the use of personal data for unsolicited electronic communication.

For example, sending e-mail or calling people is always opt-in unless it is sent to a customer. This means that you must have permission from anyone who is not a customer to send an email with a commercial, charitable or idealistic purpose and that you must also be able to demonstrate this. Any recipient may object to the use of the e-mail address.

Cookies are less relevant for direct customer contact, but we mention them for the sake of completeness. You also need permission to place and read cookies on a visitor’s equipment. So also an opt-in.

Compliant with the Telecommunications Act

In order to be compliant with the Telecommunications Act, it is therefore particularly important that you properly record who has given permission for what. Always de-duplicate call lists with your company’s Right to object list.

You can do this most easily by managing this data in one system.

Steam-connect offers the possibility to keep customer data pure by linking to the Do not call register.

You can automatically duplicate the contact details with the BMNR and the Right of Resistance list (blacklist) of your organization.

After a call can be automatically transferred to a BMNR IVR stating the company details. The employee can also manually transfer to the BMNR IVR or manually enter the person in the BMNR. Read more about the Telecommunications Act here .

Code Telemarketing

The Telecommunications Act just discussed applies to unsolicited approaching persons with a commercial purpose. But to ensure the quality of unsolicited commercial telephone calls, telemarketing companies have also established their own rules. These are in the Telemarketing Code.

The Code for Telemarketing includes the following rules:

  • The Telemarketing Code stipulates how long you can still call a customer after he last bought something or the agreement has been terminated. This customer term is a maximum of 3 years.
  • The call must be made with a working and visible telephone number and no voicemail may be left.
  • It also states how the conversation should proceed. For example, it must be asked whether it is convenient, it must be clear which company is contacting and if necessary. on behalf of which client. At the end of the conversation, the right to object and the Do not call register should be pointed out, possibly via IVR, if clearly announced.
  • It also explains how to deal with complaints.

Compliant with the Telemarketing Code

In Steam-connect you work with a call script that determines the exact course of the conversation. You can set this up yourself according to the rules in the Telemarketing Code.

Everyone who works in the campaign (also possibly external agencies) works with the same script. Everyone (internal and external agents) can also call out with the same telephone number.

As a result, it is always clear to the customer who is trying to contact them and they can easily call back.

Conclusion: how are you compliant in customer contact?

All the laws and regulations do not make the life of a call center manager any easier. The key to compliance is capturing and securing your data. Curious about how Steam-connect fits into this alley? Request a free demo and we would be happy to think along with you!