Judgement day is fast approaching. But May 25th, 2018 doesn’t mark the end of the world. Instead, it’s the deadline for GDPR – which could spell a similarly apocalyptic fate for ill-prepared organizations.
The penalties for GDPR non-compliance are truly remarkable – up to $20 million or 4% of global annual turnover, whichever is the greater – and companies who believe they can shirk responsibility or look the other way are in for a shock.
GDPR is set to have a colossal effect on companies across virtually all industries, but for TEM customers specifically – who routinely allow vendors to process call detail records and logs, personally identifiable information (PII), and sensitive personal information (SPI) – the impact will be particularly hard felt.
To provide some much-needed clarity on the subject, we have divided the seven key GDPR changes into two distinct groups: those that impact enterprises directly, and those that impact the end-user.
This first post will tackle the three core GDPR changes that will impact enterprises who utilize telecom expense management (TEM) services, including how GDPR relates to TEM, and what TEM customers need to do to avoid complication.
1. Increased Territorial Scope
Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects* residing in the European Union, regardless of the company’s location.
On the face of it, the increased territorial scope is a method of increasing the jurisdiction of the EU. It aims to remove any ambiguity present in previous laws to make it clear that regardless of whether data is housed, processed, or passes through the EU or is from an EU citizen, it must ALWAYS adhere to GDPR regulations. No exceptions.
For TEM customers, who are responsible for
The conditions for consent have been strengthened, and companies will no longer be able to use long, illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.
While consent is by no means a new addition to data protection, the stipulations surrounding it are now far more stringent. Now, you are in direct breach of GDPR rules if you attempt to process or store any form of PII or SPI without the owner’s explicit permission, and this includes call logs, mobile number, username, etc.
For TEM customers, it’s paramount to get the
3. Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just becoming a legal requirement with the GDPR. At its core, privacy by design calls for data protection to be included from the outset of system design, rather than added on afterwards.
Privacy has always been a cornerstone of EU law. In fact, Article 8 of the European Convention on Human Rights states: “Everyone has a right to the respect for his private and family life, his home and his correspondence.” But, until now, the sanctions that could be imposed lacked teeth.
For TEM customers, the encryption and protection of all data, whether in transit or at rest, has become of the utmost importance. While failure to provide this level of service in the past resulted in minimal sanctions, now the full force of the GDPR penalties is behind it.
GDPR with Cass
Cass Telecom is a pioneer for enterprise GDPR-compatibility within the TEM space. As a global provider of TEM services, we have scope to process EU data in line with the increased territorial scope. By storing all PII and SPI data together and maintaining an audit trail of acceptance, we fully adhere to the consent directive.
Finally, no matter the data we collect, process, store or transfer, we have the infrastructure in place to ensure data is fully protected and end-to-end encrypted, no matter where it is or where it’s going.
In no uncertain terms, we are helping global enterprises be compliant with GDPR today. Unlike countless other TEM providers who are unable to offer the same level of assurances and guarantees about the new EU directive, here at Cass, we provide a fully GDPR-compliant service you can rely on.
For more information regarding GDPR and how Cass Telecom can help you to become compliant, get in touch with one of our experts. Or, to discover why Cass Telecom was described by Gartner as the only publicly traded player that delivers real results, worldwide – download the 2018 market guide report.
* A data subject (the end-user)