May 25, 2018 — the GDPR compliance deadline — is rapidly approaching. While the European Union’s General Data Protection Regulation (GDPR) has been in place for nearly two years now, the grace period for compliance is coming to an end.
Is this only for European establishments? The regulation goes well beyond businesses based in the EU to include any organization doing business within the EU zone, including businesses and even individuals. GDPR applies to your customers in the EU. It all comes down to where their data is shared, and with today’s global cloud solutions, this means any organization doing business with literally anyone within the EU will need to meet GDPR requirements. It may be EU-driven, but it is essentially a new global standard.
GDPR and UC
Unified Communications (UC), phone systems and collaboration solutions are particularly susceptible to GDPR requirements. UC is typically a complex, multi-vendor solution that includes services such as Voice Recording applications, Agent Desktop applications, Call Accounting and Billing, Attendant Consoles, IVR applications, Monitoring applications, Provisioning applications and many more that operate and obtain data from PBX/UC vendor products. Many are at least partially cloud-based, adding to the complexity.
When you factor in the many apps, solutions and services that comprise a UC platform, you can see how personal data within the system includes many levels of information, some very detailed. Beyond names, birth dates, email addresses, user names and photos, there could be payment or billing information and other sensitive data.
With the rise of business tools that extract informational value from individual users in the form of analytics and embedded intelligence services, these basic usage details are becoming quite valuable. Further behavioral insights may be obtained by retaining records of calling patterns, virtual conference details, application usage and geolocation figures. Information that might have had little use in years past continually increases in value today as data analysis becomes more advanced. The GDPR legal standard aims to address this.
Compliance Starts with Analysis
Meeting GDPR compliance for UC means implementing, tightening and documenting the data handling strategy and techniques when dealing with EU-based customer data. This must include all the solution providers who consume data from the UC provider or are part of the solution.
Whether the solution is on-premise or cloud-based, the need to be compliant remains the same. Cloud-based applications have more actions to take in terms of securing data and adhering to data handling security expectations. In addition, applications or processes that use cloud-based third-party products such as data storage, data analytics and intelligence have to be validated and regularized to be compliant with GDPR as well.
This is where proper analysis and retrospection of your data handling techniques become paramount in meeting GDPR requirements. An analysis and validation can ensure that how you handle the personal data of customers is up to spec when passing sensitive data between vendors, solution providers and third-party applications.
I will cover this with more practical examples, and how tekVizion can help, in my further blogs on GDPR. Stay tuned …