The EU GDPR (General Data Protection Regulation) 2018 is a European Union (EU) privacy regulation that was signed into law in April 2016. After Brexit on the 31st December 2020, when the UK left the EU, we incorporated the principles of the EU GDPR policies into our own laws and created the UK GDPR (General Data Protection Regulation) and Data Protection Act 2018

What personal data does Mediahawk process?

Mediahawk processes the following four pieces of data that are defined as “Personal”:

    1) CLI – Caller Line Identity: This is the callers telephone number.

This could be a personal landline, mobile, or a shared business telephone number.

    2) IP Address: This is captured whilst using the Vision product.        

The IP address can be a personal one if it is fixed, or it could be a shared one supplied by an ISP. All are covered by GDPR.

    3) Voice Recordings: If you have call recording enabled on your account, we will record all calls that are delivered via the Mediahawk system.    

Call recordings are covered under GDPR due your voice being unique, and the fact that personal data can be recorded as part of you and your client’s interactions. You may need to review the types of calls you receive and decide:

  1. if call recording is required.
  2. whether listening should be limited to authorised personnel within your business only.
  3. whether you should add / change any announcements at the beginning of the call.
  4. the length of time you should store voice recordings.

4) CLI Data Mapping: Using the presented CLI (landline only), Mediahawk can attribute the call to the following information using the callers telephone number. In the example below, we have used 01908 000000.


Region: Area of the UK that the call originated. 01908 000000 = South East.

ITV Region: The Television region. 01908 000000 = Anglia.

County:        The County the call originated. 01908 000000 = Buckinghamshire.

Postcode:    The 1st part of the postcode using the full number = MK5 for example.

Town:           The Town the call originated from = Milton Keynes.

Exchange:    The telephone exchange the call originated from = Milton Keynes. For mobiles, we can provide the mobile exchange (e.g. Vodafone).

Mediahawk allows its customer to capture and send additional information to Mediahawk, these activities may capture personal data and compliance with the relevant Data Protection Laws should be reviewed. 

  • Call-to-Action Tracking: This can be captured using the Dynamic product.

 Customers can send unique data into the Mediahawk platform as a Custom Dimension. This data can be something as a simple as a “click count” through to a full sentence or value.

As you are able to send freeform data via this interface, you are legally responsible for this data and must ensure that you have obtained and necessary consents for collecting and sending this data, and that you are compliant with any Data Protection Laws

  • Speech Analytics: If you have speech analytics enabled on your account, we will use voice recordings to transcribe the voice tags setup within the Mediahawk system.  

The speech analytics feature uses voice recordings and as such personal data may be recorded you therefore may need to review the types of calls you receive per section 3 above.

  • Sales Import: If you have Sales Import enabled on your account and upload data to the Mediahawk System.

You are legally responsible for this data and must ensure that you have obtained any necessary consents for collecting and sending this data, and that you are compliant any Data Protection Laws. 

How can you receive consent to obtain, store, and process personal data?

A substantial change is that failure to “Opt Out” no longer constitutes consent. Visitors to your website need to “Opt In”. For example, rather than ignoring an “Accept a Cookie Question”, the visitor will have to actively accept the cookie.

We have amended our Vision code so that your developers can easily enable or disable our Vision tracking code depending on your visitor’s cookie selection. For further information, please contact our Client Services team at or 0333 222 8333

How do I make my website GDPR compliant?

The golden rule that links all the requirements of GDPR, is the concept of consent being informed, specific and given freely. This means businesses need to be transparent in what personal data is being tracked via a website and how the data is used. This also includes what is tracked by cookies or any other solutions you use such as Google Analytics.

An example of a statement for the Mediahawk element of your tracking could be as simple as:

“We monitor activity throughout our website using a third-party provider (Mediahawk) to improve our Digital Marketing using a Cookie (See Cookie Policy). We track which sources are effective at helping visitors find our website and make calls to us. We use IP addresses, geo-location data, caller telephone number, and voice recordings.”


Further information

If you would like further information about GDPR and Mediahawk, please contact our Client Services Team at or 0333 222 8333.

As always, we recommend that you get in touch with a qualified legal professional to understand the specific requirements of the regulation and how you should prepare for its implementation.

This is a commentary on GDPR as Mediahawk interprets it. This document is provided for informational purposes only and should not be relied on as legal advice or to determine how GDPR might apply to you and your organisation. We encourage you to work with a qualified legal professional to discuss GDPR and its impact on your organisation to ensure compliance. Mediahawk makes no warranties, express, implied, or statutory, as to the information in this document.