How GDPR Will Impact Telecom Expense Management for the End-User

17 May 2018 | Posted by Cass Information Systems, Inc.

As the late, great Benjamin Franklin once said: “failing to plan is planning to fail” and, in regard to the European Union General Data Protection Regulation, this point certainly holds water.

According to the official document: “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.”

The regulation aims to build on the key principles of the former Data Protection Directive while strengthening the rights of all European individuals and their claim on personal data.

In a previous post, we examined three key GDPR changes that would impact enterprises that use telecom expense management (TEM) services. Here, we explore how GDPR will impact the rights of the end-user and how this should guide your decision-making when choosing a TEM provider.

1. Breach Notification

Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals.”

Notification of data breaches is a top priority within the new GDPR legislation. To give end-users greater clarity about the current safety of their data, GDPR states that they must be informed “without undue delay” when data breaches occur.

For TEM customers, also known as data controllers*, it’s crucial that your TEM providers, or data processors**, have the protocols in place to provide information regarding data breaches quickly and efficiently. And perhaps most importantly, it’s paramount that the security and safety of your end-users' data is always made a top priority.

2. Right to Access

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.

The right to access represents a dramatic shift to data transparency and empowerment of the end-user. Under GDPR, end-users are able to demand to see all the information that a business holds on them, including call detail records and logs, mobile history, data usage history, etc.

For TEM customers, it’s critically important to ensure your TEM provider has the infrastructure in place to receive and process such requests, as well as the capability to find and retrieve data for a specific end-user and transfer it in a readable electronic format within the 30-day deadline. 

3. Right to be Forgotten

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

Following on from the right to access, the right to be forgotten again empowers the end-user to determine who accesses their data. If they demand that their personal data, or more aptly their telecom information, be removed, the data controller must be able to process this request without delay.

For TEM customers, it's essential your TEM provider has the required infrastructure in place. But, additionally, you must also ensure your vendor has the capability to delete or anonymize the data of a specific end-user entirely. 

4. Data Portability

GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided, in a 'commonly used and machine-readable format', and to transmit that data to another controller.

The right to data portability is one that does not have an equivalent in the current Data Protection Directive. In practice, this right allows an end-user to request that a copy of all personal data they’ve provided to a data controller be transmitted directly to another controller. The purpose is to let end-users switch providers without a loss of data.

For TEM customers, it’s crucial to ensure that all personal data collected from end-users – specifically telephone call logs, mobile data, usage data, PPI, and SPI – is stored in a routinely used electronic format that is easily transferable, and that you have the infrastructure necessary to send it to a third party.

GDPR with Cass

Cass Telecom has revolutionized GDPR-compatibility within the TEM space. As a federally regulated, SSAE 16 type II certified company, data protection is a core aspect of our wider business aims, so you can rest assured that your end-user's data is in the safest hands possible.

Regarding the right to access, the right to be forgotten, and the right to data portability, we have the infrastructure in place to handle any and all of these requests and rapidly provide information regarding the data on record, how it’s collected, where it's stored and for how long. But, additionally, we offer our support in collecting consent to mitigate these concerns.

In no uncertain terms, we are helping global enterprises be compliant with GDPR, today. For more information regarding GDPR and how Cass Telecom can help you to become compliant, get in touch with one of our experts.


* A data controller (the TEM customer) states how and why PII is processed.

** A processor (the TEM provider) performs the actual processing of the data.
