Updated April 2026
✅ Quick Answer
How many phone lines does your business need?
Get a free no-obligation quote in 60 seconds
When does your current contract expire?
Tell us about your business
Your details
We'll never share your details. Unsubscribe anytime.
Thank you!
One of our mobile experts will be in touch shortly with your tailored quote.
Yes, business call recording is legal in the UK with proper consent. Under the Telecommunications (Lawful Business Practice) Regulations 2000, UK businesses can record calls for training, quality assurance, compliance and dispute resolution. However, you must also satisfy UK GDPR: identify a lawful basis (usually legitimate interest or legal obligation), inform callers with a recorded announcement, store recordings with encryption, honour subject access requests within one month, and auto-delete recordings after a defined retention period.
The ICO’s updated January 2026 guidance now requires a formal Legitimate Interest Assessment (LIA), explicit disclosure of AI-assisted call analysis, and automated retention/deletion policies. Most cloud phone systems include compliant call recording from £2–£6/user/month — or bundled free on platforms like Hypercloud Hosted VoIP.
Need compliant call recording set up fast?Get a free quote from Connection Technologies →
Whether you run a sales floor, a support desk or a professional services firm, call recording has become one of the most valuable tools a UK business can deploy.
In 2026, cloud-based phone systems make it easier than ever to record, store and analyse every conversation — but the legal and compliance landscape demands that you get it right. The ICO’s refreshed guidance on voice data processing (published January 2026) has tightened expectations around transparency, retention and AI-assisted analysis of recordings.
This guide covers everything: the UK laws that govern business call recording, the latest 2026 GDPR obligations, setup steps, a full comparison of the best call recording solutions available to British businesses right now, and how to choose the right platform for your needs.
What Is Business Call Recording and Why Does It Matter in 2026?
Business call recording is the practice of capturing and storing telephone conversations for training, compliance, dispute resolution or quality assurance purposes. While the concept is decades old, the technology has changed beyond recognition.
Traditional recording relied on physical tape-based systems connected to analogue phone lines — expensive, unreliable and difficult to search. Modern call recording is built into cloud-hosted VoIP phone systems and works very differently:
- Automatic capture — every inbound and outbound call is recorded without manual intervention
- Cloud storage — call recordings are encrypted and stored securely in UK data centres, not on local hardware
- Instant search — find any recording by date, caller, number or agent in seconds
- AI transcription and sentiment analysis — recordings are automatically transcribed to text, scored for customer sentiment and made searchable by keyword. In 2026, AI-powered call analysis is standard on most mid-range platforms
- Access from anywhere — managers and compliance teams can review call recordings from any device with an internet connection
- Automated GDPR compliance — leading platforms now auto-delete recordings after your defined retention period and flag subject access requests within the admin portal
For most UK businesses in 2026, call recording is no longer a specialist add-on. It is a standard feature of the cloud phone system they already use. If you are still relying on an old analogue phone system, the PSTN switch-off in January 2027 means upgrading to a VoIP-based solution — with built-in recording — is now urgent.
Is Call Recording Legal in the UK in 2026?
This is the question most people ask — and the answer is nuanced. Call recording is legal in the UK, but the rules depend on who is recording, why, and whether the other party knows about it.
What Legislation Governs Call Recording?
Two pieces of legislation form the core legal framework for call recording in the United Kingdom:
- The Regulation of Investigatory Powers Act 2000 (RIPA) — governs the interception of communications. Under RIPA, a business may record calls on its own network without the consent of the other party for a range of legitimate purposes.
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 — often called the LBP Regulations. These set out the specific circumstances under which businesses can lawfully intercept and record calls.
On top of these, the UK GDPR and the Data Protection Act 2018 impose separate data-handling obligations on every recording you make and store (covered in detail below).
When Can a Business Record Calls Without Consent?
Under the LBP Regulations, a business may record calls without the consent of the other party for the following purposes:
- Establishing the existence of facts relevant to the business (e.g. confirming a verbal contract)
- Ascertaining compliance with regulatory or self-regulatory practices
- Quality control and staff training
- Preventing or detecting crime
- Ensuring the effective operation of the telecommunications system
- Monitoring communications to a confidential helpline
This means that a UK business can, in most circumstances, record business calls without explicitly asking for consent — provided the recording is for one of the lawful purposes listed above.
When Is Consent Required for Call Recording?
Consent becomes necessary when:
- The recording is made available to a third party outside your organisation (e.g. sharing recordings with an external partner)
- The recording is for a purpose not covered by the LBP Regulations
- The call is personal rather than business-related
- You use AI to analyse recordings for purposes beyond the original lawful basis (see 2026 GDPR update below)
Best Practice: Always Inform Callers
Even though the law does not always require consent, best practice is to always inform callers that the call is being recorded. A simple announcement — “This call may be recorded for training and quality purposes” — protects your business and builds trust with customers.
Most modern business phone systems can play this message automatically before the call connects.
Failing to inform callers does not make the recording illegal in most business contexts, but it can create problems under GDPR (see below) and may damage customer relationships if recordings surface unexpectedly.
Our recommendation: Always use an automated recording announcement. It costs nothing, takes two seconds to configure on any cloud phone system, and significantly reduces your compliance risk.
Hosted VoIP with Call Recording
Hypercloud VoIP includes built-in call recording, auto-attendant, and call analytics from £12/user/month.
Business Mobiles
Need call recording on mobile? MDM-managed business phones with recording and compliance features.
What Are the 2026 GDPR Rules for Call Recording?
While UK telecoms law permits call recording, the UK General Data Protection Regulation (UK GDPR) adds a separate layer of obligations. A recorded phone call is personal data — it contains a person’s voice, and often their name, address and other identifiable information.
This means every call recording you hold must comply with data protection law. The ICO updated its guidance on voice data processing in January 2026, introducing several clarifications that UK businesses need to act on.
What Changed in the ICO’s January 2026 Guidance?
The ICO’s refreshed guidance (published 15 January 2026) does not change the law itself, but it clarifies enforcement expectations in four key areas:
| Area | What the 2026 Guidance Says | What You Need to Do |
|---|---|---|
| Legitimate Interest Assessments (LIAs) | Businesses relying on legitimate interests must now document a formal LIA before recording begins. The ICO has signalled it will request LIAs during audits and expects them to be “specific, not boilerplate.” | Complete a written LIA for your call recording activity. Detail the specific business purpose, why recording is necessary (not just useful), and how you balance this against callers’ rights. Review annually. |
| AI analysis of recordings | Using AI tools (sentiment analysis, keyword spotting, automated scoring) on call recordings constitutes a new processing purpose. It must be covered by your lawful basis and disclosed in your privacy notice. | If you use AI transcription or call analytics, update your privacy notice and LIA to explicitly cover AI-assisted processing. Ensure your phone system provider’s DPA covers AI features. |
| Automated retention and deletion | The ICO now expects automated deletion of recordings at the end of the defined retention period. Manual “we delete when we remember” approaches are no longer considered adequate. | Configure automatic deletion in your phone system (most cloud platforms support this). Document your retention period — 90 days is typical for quality purposes; FCA-regulated firms typically need 5–7 years. |
| Transparency for employees | Staff whose calls are recorded must be informed clearly, including whether recordings are used for performance management or disciplinary proceedings. Generic “calls may be monitored” policies are insufficient. | Update your employee privacy notice and call recording policy to state exactly how recordings are used, who can access them, and whether they inform performance reviews or disciplinary action. |
⚠️ Important for 2026: The ICO has explicitly stated that using AI to analyse call recordings (transcription, sentiment scoring, automated quality scoring) is a separate processing activity that must be disclosed in your privacy notice and covered by your LIA. If you have enabled AI call analytics on your phone system without updating your privacy documentation, you should do so immediately.
What Lawful Basis Should You Use for Call Recording?
Under GDPR, you need a lawful basis to process personal data. For business call recording, the most commonly used bases are:
- Legitimate interests — the most common basis for UK businesses. You have a legitimate business interest in recording calls for training, quality and dispute resolution, provided this does not override the caller’s rights. You must now complete a formal LIA (see 2026 update above).
- Legal obligation — if your industry regulator requires you to record calls (e.g. financial services firms regulated by the FCA under MiFID II, or claims management companies regulated by the FCA).
- Consent — the caller explicitly agrees to be recorded. While valid, consent-based recording can be impractical because consent can be withdrawn at any time, which creates operational complexity.
Our recommendation: Most UK businesses should rely on legitimate interests with a documented LIA. Only use consent if your specific circumstances require it, or legal obligation if mandated by your regulator.
GDPR Call Recording Compliance Checklist (Updated April 2026)
| Requirement | What You Need to Do | Status |
|---|---|---|
| Privacy notice | Inform callers that calls are recorded, why, how long recordings are kept, and whether AI is used to analyse them. Include this in your main privacy policy and in a verbal announcement at the start of calls. | Required |
| Lawful basis documented | Record your lawful basis (usually legitimate interests) in your data processing register. Complete a formal Legitimate Interest Assessment (LIA) — the ICO’s 2026 guidance now treats this as mandatory in practice. | Required |
| Caller notification | Play an automated announcement before the call connects: “This call may be recorded for training, quality and compliance purposes.” If AI analysis is used, consider adding: “Calls may be analysed using automated tools.” | Required |
| Data minimisation | Only record calls where there is a genuine business need. If certain departments or call types do not require recording, disable it for those extensions. | Required |
| Encryption and security | Recordings must be encrypted in transit and at rest. Cloud phone systems handle this automatically; on-premise systems may need additional configuration. Ensure UK-based data centres are used. | Required |
| Retention period defined | Set and document a specific retention period. General business calls: 90 days is typical. FCA-regulated: 5–7 years. Legal disputes: retain until the matter is resolved. Automated deletion is now expected by the ICO. | Required |
| Automated deletion | Configure your phone system to automatically delete recordings after the retention period expires. The ICO’s 2026 guidance explicitly states that manual deletion processes are no longer adequate. | Required (2026) |
| Subject access requests (SARs) | You must be able to locate and provide any recording of a specific caller within one calendar month of a request. Cloud platforms with searchable recording libraries make this straightforward. | Required |
| Right to erasure | Callers can request deletion of their recordings unless you have an overriding legal obligation to retain them (e.g. FCA requirements). Document your process for handling erasure requests. | Required |
| AI processing disclosed | If you use AI transcription, sentiment analysis or automated call scoring, disclose this in your privacy notice and LIA. Ensure your provider’s Data Processing Agreement (DPA) covers AI-assisted processing. | Required (2026) |
| Employee privacy notice | Staff whose calls are recorded must be told clearly how recordings are used — including whether they inform performance reviews, coaching or disciplinary proceedings. | Required |
| Data Processing Agreement | If your recordings are stored by a third-party cloud provider, you must have a DPA (Article 28 UK GDPR) in place. Most reputable providers include this as standard. | Required |
| Annual review | Review your LIA, retention periods, privacy notices and call recording policy at least annually — or whenever your recording practices change. | Best practice |
Our recommendation: If you are unsure whether your current setup meets the ICO’s 2026 expectations, speak to our team. We configure GDPR-compliant call recording as standard on every Hypercloud system we deploy — including automated retention, caller announcements and searchable recording libraries.
What Are the Best Call Recording Solutions for UK Businesses in 2026?
The call recording market in the UK has consolidated around cloud-hosted platforms. Most businesses no longer buy standalone recording hardware — instead, recording is a feature of your VoIP phone system. Below we compare the leading options available in April 2026, with real UK pricing.
| Provider | Call Recording Cost | Storage | AI Transcription | Auto-Delete | UK Data Centres | Min. Users | Best For |
|---|---|---|---|---|---|---|---|
| Hypercloud (Connection Technologies) | Included free on all plans | Unlimited cloud | ✅ Included | ✅ Configurable | ✅ UK only | 1 | SMEs wanting all-inclusive pricing |
| BT Cloud Work | £4.50/user/month add-on | 12 months | ✅ Premium tier | ✅ | ✅ | 5 | BT existing customers |
| Vodafone One Net | £3.00/user/month add-on | 6 months | ❌ | ✅ | ✅ | 5 | Vodafone mobile bundle users |
| 8×8 X Series | Included from X2 plan (£22/user/month) | Unlimited (X4+) | ✅ X4 plan | ✅ | ✅ | 1 | Contact centres, international calling |
| RingCentral | Included from Standard plan (£18.99/user/month) | 90 days (Standard), unlimited (Premium+) | ✅ Premium plan | ✅ | ✅ | 1 | Mid-market, Microsoft Teams users |
| 3CX | Included on Pro plan (from £1.50/user/month self-hosted) | Local server (self-managed) | ✅ Via integration | ⚠️ Manual config | ⚠️ Self-hosted | 1 | Businesses wanting on-premise control |
| Gamma Horizon | £2.50/user/month add-on | 12 months | ❌ | ✅ | ✅ | 1 | Channel partner customers |
| Microsoft Teams (with compliance recording) | Requires third-party add-on (£3–£8/user/month) + Teams Phone licence (£7.50/user/month) | Depends on add-on | ✅ Via add-on | ✅ Via add-on | ✅ Azure UK | 1 | Businesses already on Teams |
| Mitel MiCloud | £5.00/user/month add-on | 12 months | ✅ Premium | ✅ | ✅ | 5 | Larger enterprises, existing Mitel users |
Pricing verified April 2026. All prices exclude VAT. Actual costs may vary based on contract length, user count and promotional offers. Contact providers or request a quote from Connection Technologies for exact pricing.
How Do These Call Recording Solutions Compare on Value?
The pricing table above reveals a wide range — from £0/user/month (Hypercloud, 3CX self-hosted) to over £10/user/month when combining Teams Phone with a third-party compliance recorder. Here is how to make sense of it:
- For small businesses (1–20 users): Platforms that include recording at no extra cost deliver the best value. You avoid the per-user add-on charges that multiply quickly. Hypercloud and 3CX Pro both include recording, but Hypercloud removes the burden of self-hosting.
- For mid-market (20–100 users): RingCentral and 8×8 offer comprehensive platforms with recording, AI transcription and analytics included at higher plan tiers. The all-in cost is higher per user, but the feature set is broader.
- For regulated industries (FCA, legal, healthcare): Long retention periods (5–7 years) and audit trails matter more than per-user cost. 8×8, RingCentral Premium and Hypercloud all support extended retention. BT and Gamma cap storage at 12 months unless you purchase additional archive storage.
- For Microsoft Teams environments: Native Teams recording is basic and not designed for compliance. You will need a certified third-party recorder (such as ASC, Dubber or Verint) at £3–£8/user/month on top of your Teams Phone licence. This is often the most expensive route.
🏆 Our pick: Hypercloud Hosted VoIP
For most UK SMEs, Hypercloud delivers the best balance of price, compliance and features. Call recording, AI transcription, automated GDPR retention and UK-only data storage are all included at no extra cost — no add-ons, no per-user recording charges, no surprise invoices. Get a free Hypercloud quote →
What About Standalone Call Recording Software?
If you are locked into an existing phone system and cannot switch providers, standalone call recording software may be an option. Products like Dubber (from £3/user/month), Akixi (call analytics with recording from £2.50/user/month) and Tollring iCall Suite (from £2/user/month via channel partners) can bolt onto many existing platforms.
However, standalone recorders add complexity — another supplier, another DPA, another system to manage. For most businesses, consolidating recording into your core phone system is simpler, cheaper and easier to keep GDPR-compliant.
What Are the Pros and Cons of Business Call Recording?
✅ Pros
- Dispute resolution — recordings provide an indisputable record of what was agreed on a call, reducing costly “he said, she said” disputes
- Staff training and coaching — managers can review real calls to coach agents, improving customer service and sales conversion rates
- Regulatory compliance — essential for FCA-regulated firms, legal practices and healthcare organisations that must evidence interactions
- Quality assurance — spot patterns in customer complaints, identify process failures and benchmark team performance
- AI-powered insights — 2026 platforms auto-transcribe calls and flag sentiment trends, giving you data you never had before
- Customer trust — customers often feel reassured knowing calls are recorded, as it creates accountability on both sides
- Low cost — cloud-based recording is free or £2–£6/user/month, a fraction of what hardware-based systems cost a decade ago
❌ Cons
- GDPR compliance overhead — you must maintain an LIA, privacy notices, retention policies and respond to SARs. This is manageable but not zero-effort
- Storage costs at scale — high-volume contact centres generating thousands of hours per month may face significant storage costs, especially with long retention periods
- Employee morale — some staff may feel surveilled. Clear communication about how recordings are used (and not used) is essential
- Data breach risk — recordings contain sensitive personal data. A breach of your recording archive could have serious ICO consequences. Encryption and access controls are non-negotiable
- Complexity with AI analysis — the ICO’s 2026 guidance treats AI analysis of recordings as a separate processing purpose, adding another layer of compliance documentation
- Not all calls need recording — recording every call indiscriminately can conflict with the GDPR principle of data minimisation. You should be deliberate about which calls are captured
Our verdict: For the vast majority of UK businesses, the benefits of call recording vastly outweigh the drawbacks — provided you invest 30 minutes setting up proper GDPR compliance from day one. The compliance overhead sounds daunting on paper but is mostly a one-time setup task with annual reviews.
How Do You Set Up Call Recording on a Business Phone System?
If you are using a modern cloud-hosted VoIP system, enabling call recording is typically a five-step process:
Step 1: Choose Your Recording Policy
Decide which calls to record: all calls, inbound only, outbound only, or specific departments/extensions. The GDPR principle of data minimisation means you should record only what is genuinely needed.
Step 2: Configure the Recording Announcement
Upload or select a pre-recorded announcement that plays to callers before they are connected. Most cloud systems include standard announcements, or you can upload a custom recording. Example: “This call may be recorded for training, quality and compliance purposes.”
Step 3: Set Your Retention Period and Auto-Deletion
Configure how long recordings are stored before automatic deletion. Common retention periods:
- General business use: 30–90 days
- Sales teams: 90–180 days (to cover contract dispute windows)
- FCA-regulated firms: 5–7 years (as required by MiFID II and FCA rules)
- Legal and healthcare: aligned to your specific regulatory requirements
Step 4: Configure Access Controls
Restrict who can listen to, download or delete recordings. Typically, only managers, compliance officers and authorised team leads should have access. Your phone system’s admin portal should allow granular role-based permissions.
Step 5: Update Your GDPR Documentation
Complete your LIA, update your customer-facing privacy notice and employee privacy notice, and add call recording to your data processing register. This is the step most businesses skip — and the one the ICO will ask about first.
On Hypercloud, our team configures all five steps during your onboarding — including a GDPR-compliant recording announcement and auto-deletion policy. Request a free setup consultation →
Which Industries Need Call Recording by Law?
While any UK business can record calls, some industries are required to do so by their regulator:
| Industry | Regulator | Requirement | Retention Period |
|---|---|---|---|
| Financial services (investment firms, wealth managers, stockbrokers) | FCA | MiFID II requires recording of all calls and electronic communications related to transactions or intended transactions | 5 years (extendable to 7 by the FCA) |
| Insurance intermediaries | FCA | IDD (Insurance Distribution Directive, retained in UK law) — record calls where insurance contracts are concluded or advice is given by phone | 5 years minimum |
| Claims management companies | FCA | Required to record sales and advice calls | As directed by FCA |
| Energy suppliers | Ofgem | Must record telesales calls and verbal contract agreements | 2 years minimum |
| Healthcare (NHS and private) | CQC / NHS England | Not universally mandatory, but strongly recommended for clinical helplines, triage and 111 services | Varies by trust/provider policy |
| Legal services | SRA | Not mandatory, but widely adopted for evidencing client instructions and professional indemnity purposes | 6+ years (aligned with limitation periods) |
If your business falls into any of these categories, call recording is not optional — it is a regulatory obligation. Ensure your phone system supports the required retention periods and can produce recordings for regulatory audits on demand.
Best for regulated industries:Hypercloud, 8×8 X4, and RingCentral Premium all support extended retention periods of 5+ years with searchable archives and audit-ready export. Get a tailored quote for your regulated business →
Frequently Asked Questions About Call Recording
Can I record a phone call without telling the other person in the UK?
For business calls on your own network, yes — the LBP Regulations permit recording without the other party’s consent for legitimate business purposes (training, quality, compliance, dispute resolution, crime prevention). However, best practice is always to inform callers with an automated announcement, and UK GDPR requires you to be transparent about recording in your privacy notice.
How long should I keep call recordings?
There is no single answer — it depends on your industry and purpose. For general business use, 90 days is standard. FCA-regulated firms must retain recordings for 5–7 years. Whatever period you choose, document it in your retention policy and configure your phone system to auto-delete recordings when the period expires.
Do I need to record all calls or just some?
You do not need to record every call, and the GDPR principle of data minimisation suggests you should only record calls where there is a genuine business or regulatory need. Most businesses record all customer-facing calls but exclude internal-only calls between colleagues.
What happens if a customer asks for a copy of their call recording?
This is a Subject Access Request (SAR) under UK GDPR. You must provide a copy of the recording (or a transcript) within one calendar month. Cloud phone systems with searchable recording libraries make locating specific calls straightforward.
Can an employee refuse to have their calls recorded?
If you rely on legitimate interests as your lawful basis and recording is a proportionate, documented business requirement, employees cannot simply opt out. However, you must inform them clearly in their employment contract or employee privacy notice, and you must handle objections through your GDPR process. If you use consent as your lawful basis, employees (and callers) can withdraw consent at any time — which is one reason most businesses prefer legitimate interests.
Is call recording on mobile phones different?
The same laws apply regardless of whether the call is on a desk phone, a VoIP softphone, or a mobile. However, recording mobile calls can be more technically complex. Many hosted VoIP systems include mobile apps that route calls through the platform, enabling automatic recording. Native mobile calls (via your standard mobile carrier) typically cannot be recorded without a third-party app.
What is the penalty for non-compliance with GDPR call recording rules?
The ICO can issue fines of up to £17.5 million or 4% of global annual turnover (whichever is higher) for serious GDPR breaches. In practice, most penalties for SMEs are much smaller — typically £5,000–£500,000 — but an ICO investigation is costly and disruptive regardless of the fine amount. Reputational damage can be even more significant.
Can I use call recordings as evidence in court?
Yes. Call recordings are admissible as evidence in UK courts and tribunals, provided they were obtained lawfully. Recordings made under the LBP Regulations for legitimate business purposes are generally admissible. This is one of the strongest business cases for recording — a single recording that proves a verbal agreement can save your business thousands of pounds in disputed contracts.
Next Steps: Get Compliant Call Recording for Your Business
Call recording in 2026 is affordable, accessible and — when set up correctly — fully compliant with UK law and GDPR. The ICO’s updated guidance means you can no longer treat compliance as an afterthought: you need a documented LIA, automated retention, transparent privacy notices and explicit disclosure of any AI analysis.
The good news is that all of this is straightforward to configure on a modern cloud phone system. Most businesses can be fully set up and compliant in a single afternoon.
Get GDPR-Compliant Call Recording — Set Up Free
Connection Technologies configures compliant call recording on every Hypercloud system at no extra cost — including automated announcements, retention policies, AI transcription and UK-only data storage. No per-user recording fees. No add-on charges.
See also our guide on Reviving the Lost Art of the Business Call (download PDF) for more details.
See also our guide on The power of the business call infographic for more details.
Or call us: 01onal number | Takes 60 seconds | No obligation
Related Guides
- What Is VoIP? The Complete UK Business Guide (2026)
- Best Business Phone Systems UK — 2026 Comparison
- Best Cloud Phone Systems for UK Businesses (2026)
- VoIP vs Landline: Which Is Better for UK Businesses?
- Hypercloud Hosted VoIP — Features, Pricing and Setup
This guide is for general information purposes and does not constitute legal advice. For specific compliance questions relating to your business, consult a qualified data protection professional or solicitor. Pricing information is accurate as of April 2026 and subject to change. Connection Technologies is a UK-based B2B telecoms provider. Get a personalised quote.
Call recording included as standard
Hypercloud includes call recording, AI transcription and compliance features in every plan. Explore Hypercloud hosted VoIP →
Related Reading
More from the Connection Technologies blog.
Also worth a look