How GDPR Will Impact Telecom Expense Management for the Enterprise

Posted by
Josh Bouk

15 May 2018


Judgement day is fast approaching. But May 25th, 2018 doesn’t mark the end of the world. Instead, it’s the deadline for GDPR  which could spell a similarly apocalyptic fate for ill-prepared organizations.

The penalties for GDPR non-compliance are truly remarkable – up to $20million or 4% of global annual turnover, whichever is the greater – and companies who believe they can shirk responsibility or look the other way, are in for a shock.

GDPR is set to have a colossal effect on companies across virtually all industries, but for TEM customers specifically  who routinely allow vendors to process call detail records and logs, personally identifiable information (PII), and sensitive personal information (SPI)  the impact will be particularly hard felt.

To provide some much-needed clarity on the subject, we have divided the seven key GDPR changes into two distinct groups: those that impact enterprises directly, and those that impact the end-user.

This first post will tackle the three core GDPR changes that will impact enterprises who utilize telecom expense management (TEM) services, including how GDPR relates to TEM, and what TEM customers need to do to avoid complication. 

If your TEM vendor isn't helping you to become GDPR compliant, maybe it's time  for a change: Download the Gartner Market Guide to gain up-to-date insight into  the current TEM marketplace.

1. Increased Territorial Scope

Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects* residing in the European Union, regardless of the company’s location.

On the face of it, the increased territorial scope is a method of increasing the jurisdiction of the EU. It aims to remove any ambiguity present in previous laws to make it clear that regardless of whether data is housed, processed, or passes through the EU or is from an EU citizen, it must ALWAYS adhere to GDPR regulations. No exceptions.

For TEM customers, who are responsible for end-user's data regardless of who is housing or processing it, it's absolutely necessary to partner with a provider that has the global reach and capability to process EU data in line with these stipulations, or else face significant penalties alongside their vendor.

2. Consent

The conditions for consent have been strengthened, and companies will no longer be able to use long, illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.

While consent is by no means a new addition to data protection, the stipulations surrounding it are now far more stringent. Now, you are in direct breach of GDPR rules if you attempt to process or store any form or PII or SPI without the owner’s explicit permission, and this includes call logs, mobile number, username, etc.  

For TEM customers, it’s paramount to get the end-user's explicit permission before any information is housed or processed. To this end, your TEM provider should ideally help with the sourcing of data, but at the very least must be able to provide proof of end-user opt-in and safely store this information for easy retrieval.

3. Privacy by Design

Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.

Privacy has always been a cornerstone of EU law. In fact, article 8 of the European Convention on Human Rights states: “Everyone has a right to the respect for his private and family life, his home and his correspondence.” But, until now, the sanctions that could be imposed lacked teeth.

For TEM customers, the encryption and protection of all data, whether in transit or at rest has become of the utmost importance. While failure to provide this level of service in the past resulted in minimal sanctions, now the full force of the GDPR penalties is behind it.

GDPR with Cass

Cass Telecom is a pioneer for enterprise GDPR-compatibility within the TEM space. As a global provider of TEM services, we have scope to process EU data in-line with the increased territorial scope. By storing all PII and SPI data together and maintaining an audit trail of acceptance, we fully adhere to the consent directive.

Finally, no matter the data we collect, process, store or transfer, we have the infrastructure in place to ensure data is fully protected and end-to-end encrypted, no matter where it is or where it’s going.

In no uncertain terms, we are helping global enterprises be compliant with GDPR, today. Unlike countless other TEM providers who are unable to offer the same level of assurances and guarantees about the new EU directive, here at Cass, we provide a fully-GDPR-compliant service you can rely on.

For more information regarding GDPR and how Cass Telecom can help you to become compliant, get in touch with one of our experts. Or, to discover why Cass Telecom was described by Gartner as the only publicly traded player that delivers real results, worldwide – download the 2018 market guide report.

Gartner 2018 TEM Market Guide

* A data subject (the end-user) 

Topics: TEM | GDPR

Latest Posts

4 Reasons to Partner with a TEM Vendor for Procurement Projects

Regardless of where they’re based or what they do, companies around the world need to make faster and more strategic sourcing decisions to retain a competitive edge.

The 7 Most Important Elements in Managed Mobility

Changing working practices and the perpetual sprawl of mobile devices are behind the ongoing rise of managed mobility services (MMS)

How TEM Providers Identify Opportunities for Savings

Telecom expense management (TEM) is the process of consolidating, managing, and optimizing the telecom environment to reduce costs and minimize risk.

Never miss a post: