The final stretch to GDPR – when is it time to panic?

03 May, 2018 at 10:43 AM

Posted by: George Malim

Curtis Peterson, RingCentral

Doom, gloom and a bit more doom – the big stick with which the incoming General Data Protection Regulation (GDPR) can hit organisations that breach its statutes has raised widespread concern, writes Curtis Peterson, the senior vice president of Cloud Operations at RingCentral.

For those that have ignored GDPR completely and are now only considering a position, what is the get out of jail card needed to prevent a worst case scenario?

I just left the bunker – so what is GDPR?
The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). Its primary objective is to return control of personal data to EU citizens and to simplify the regulatory environment for international business by unifying data protection compliance within the EU. Before heading to the IT department with a bag-o-cash for some magic bullet shaped technology that will instantly fix compliance, the first thing to understand is that GDPR is about processes and policies which can be implemented and controlled using certain technologies.

Processing personal data
The most crucial aspects of the regulation are that organisations are only allowed to collect personal data for specified, explicit and legitimate purposes, and that the data must be processed lawfully, fairly and in a transparent manner. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Knowing me, knowing you!
That preceding paragraph is a summation of just 1 of the 100 articles that make up GDPR. For this time-to-panic guide, the other 99 can be summed up as “you need to have explicit consent to collect or share this information and if a person wants to examine the data you hold on them, then you need to make it available on request.”

Panicking yet? Well, the first thing you need to do is to find out what personal information your organisation holds. This could reside within mailing lists, customer relationship management systems and even HR records. You also need to find out where this data is stored, whether it is shared with any third parties and, critically, what it is used for. You also need to find out who has access to this data and under what circumstances and – ultimately – whether this data is destroyed at some point. This requires a GDPR compliance audit; there are several firms that can do it for you, or you can assemble a multi-discipline team and carry out the process internally.

This process might take days or weeks depending on the size of your organisation and the number of systems you maintain, but ultimately it will result in a list that should answer a few questions: What personal data do we hold? Where do we keep it? And what do we use it for?

Do we need to know?
These answers can immediately help you to flag up major issues under article 9 of GDPR, which stipulates: “Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.”

There are exceptions, such as where the person has given consent, or where you need the information for processing as part of legitimate activities. So, for example, union affiliation is necessary data if your organisation is Unison. But holding information on sexual orientation is almost certainly prohibited.

On the dotted line
The next question to ask is whether you have consent to hold, process and transfer any of this personal data. In very broad terms, if the data held includes information that is covered in article 9 (race, ethnicity, political opinions, religion, beliefs, genetics etc) – basically anything more than name and address – then you need to find a corresponding affirmation of consent, which could have been obtained electronically, for each person whose data you wish to process.

Most of the ‘terms and conditions’ that people sign to gain access to electronic services such as pay-TV, dating apps, even the mighty Google, have embedded consent forms that require a click before continuing. Many paper contracts have similar legalese, and it is wise to ensure that these consent forms are included in all electronic and printed customer communications moving forward.

Pretend you’re the customer
Lastly, GDPR requires that organisations can produce the information held on a person, change it if it is incorrect and delete that information if consent is removed. So what now? Well, it would be a good idea to test, using a few dummy accounts, whether your organisation can do all the above, and to document the processes needed to accomplish these tasks in a timely manner. If it cannot, then you need to rebuild these workflows to be able to carry out these measures.

On a side note, the cloud can help with some of these workflows by allowing you to collate and synchronise personal data in a centralised repository. However, trying to sum up a quick fix for a regulatory framework for which the EU allowed 24 months for implementation is still a challenge. The final bit of advice is to take it seriously or be part of the first test cases that find out just how painful a fine of 2% of global revenue or €20 million really feels.


category: News, Risk & Compliance, Telco Cloud, Telecoms

Tags: consent, Curtis Peterson, data, Data Protection, EU, GDPR, General Data Protection Regulation, IT< cloud, RingCentral, sharing data
