Skip to main content
← Back to glossary
Glossary

GDPR

EU General Data Protection Regulation. Governs processing of personal data in the EU. Requires legal basis, purpose limitation, DPA on processing, and EU servers for sensitive data.

The GDPR is the EU’s General Data Protection Regulation. It defines when and how personal data may be processed in the EU. For an AI phone assistant all four core principles apply: lawful basis, purpose limitation, data minimisation and transparency.

In a telephony context this means concretely: a clear notice at the start of the call that callers are talking to an AI; a lawful basis for processing (typically performance of a contract or legitimate interest with a documented balancing test); a Data Processing Agreement (DPA) with the vendor; and EU data residency for audio, transcripts and metadata.

A setup is only court-defensible when retention periods, deletion procedures and data-subject rights (access, deletion, objection) actually work in production — not just exist in the privacy policy.

FAQ
Must callers be told they are talking to an AI?
Yes. Transparency under Art. 13 GDPR and the EU AI Act both require a clear notice at the start of the call.
Related terms
Go deeper in the docs
See it applied

Next step

See BHOMY in a 15-minute demo on a real call example.

Request demoBack to glossary
🍪

Cookies & Privacy

We use cookies to provide you with the best possible experience on our website. Some of them are technically necessary, others help us improve the website.

Read Privacy Policy