How Does GDPR Affect My Business Phone Systems?
There is a lot of talk about GDPR, and if you run a business you need to keep yourself in the loop. Make sure your business telephone systems do not breach the new law on data protection and data handling.
What is GDPR?
The General Data Protection Regulation (GDPR) requires all companies to adhere to strict processes and procedures when collecting and storing personal data of European Union (EU) citizens. It aims to strengthen data protection efforts for all residents of the EU, and also to ease the regulatory environment for international trade by offering a uniform regulation throughout the EU. GDPR comes amid a backdrop of increasing demand for data privacy and a global climate of fear over possible data vulnerabilities. Did you know that telephone systems have to abide by GDPR laws?
When is the deadline to become GDPR compliant?
This new law came into force in May 2018, replacing the archaic Data Protection Directive. While that seems quite a while ago, there is still a lot to do, and this transition period will allow organisations to put in place processes that will help them manage information (data) flow more effectively. Make sure your telephone system is up to date when the changes to GDPR come into effect.
What is the scope of GDPR?
GDPR does not apply to all organisational information, but only to Personally Identifiable Information (PII). Again, the idea is that this personal data should be stored with the explicit consent of the user and should only be used for the purpose specified when the data was obtained. Both data processors and data controllers are liable under GDPR. All companies within the EU are subject to this regulation, regardless of where the data is stored and processed. The jurisdiction of GDPR also covers businesses outside the EU which offer goods and services to EU residents. The business telephone system must be kept up to date where GDPR is concerned.
What are the key provisions of GDPR?
Privacy by design and default – GDPR requires organisations to include privacy in their processes and systems by design. This means that all company software and systems should adhere to the key tenets of GDPR. For instance, the software should be able to completely erase personal data if required by the data subjects. These changes will also affect companies that cold call: does your business incorporate telemarketing into its mix? Make sure your business telephone systems are up to date.
Right to be forgotten – Before we examine this provision, it’s worth recalling the story of Spanish resident Mario Costeja González. Back in 2009, the Spaniard began a five-year battle with Google when he discovered an incriminating story about himself from 1998. Costeja wanted Google to remove links to the story, which was no longer relevant to his life. With the help of the Spanish Agency of Data Protection, he knocked on the doors of the European Court of Justice, which ultimately ruled in his favour. This decision underlined the importance of the ‘Right to be Forgotten’. Organisations cannot hold any data without prior approval and need to have strict mechanisms in place to delete data if requested by users. If you are calling anyone from your telephone system, they must already be on your database, or have given you permission to make contact.
Right to Data Portability – GDPR allows data subjects to obtain and transfer personal data from one data controller to another in a safe and secure fashion. This provision allows individuals to leverage their personal data for their own benefit. Make sure your data is up to date with regard to your telephone system.
Explicit opt-in consent – GDPR strengthens the case for explicit opt-in consent from customers before using their personal data. Control over one’s personal data, a simmering issue in the US, is a big aspect of GDPR. Under the regulation, the data subject is completely in control of their own data. Organisations also need to communicate clearly when asking for personal data and make its intended usage clear. You can use this opportunity to update your telephone system with new features. Don’t get caught out.
Harsh non-compliance fines – The regulation places strict demands on businesses, as non-compliance will result in penalties of up to 4% of worldwide turnover or 20 million Euros, depending upon the nature of the violation. Make sure your business telephone system does not violate GDPR terms.
Stricter rules for data breaches – Breach notification is another key provision of GDPR. Under this provision, it will become mandatory for organisations to notify the data protection authority and customers within 72 hours of a data breach.