General Data Protection Regulation (GDPR) takes effect on 25th May, 2018, and if your product maintains or processes the personal information of EU citizens, then you need to take GDPR seriously.
What is GDPR?
GDPR is a comprehensive set of policies designed to safeguard the privacy of citizens of the EU. The following key principles are at the core of GDPR:
If you collect and/or process personal information such as telephone numbers, IP addresses, email IDs etc., then you must ensure that you do so only with the clear and specific consent of your users.
The onus is on you to ensure that your users know exactly what they are signing up for, so consider simplifying the language of your Terms of Service, clearly spelling out what personal data you intend to hold and process. Don’t have that checkbox preselected, and implement double opt-in for marketing communication.
Specifically, the GDPR grants the following rights to every EU citizen:
- The right to be informed about what personal data you intend to maintain, why access to that data is required and how you intend to process it.
- The right of access to the personal data that you hold about them, at no extra cost.
- The right of rectification of inaccuracies in their personal information.
- The right to erasure of their personal information from your systems, and third party systems to which this data may have been propagated.
- The right to restrict processing of their personal data.
- The right to data portability.
- The right to object to further processing of their personal data.
- Rights regarding automated decision making.
The GDPR requires businesses to take necessary measures to ensure a high level of information security. If you save or process the personal data of EU citizens, then you are accountable for securing this data as per industry best practices.
Access logs should be maintained for operations carried out on the personal data of EU citizens. Any data breach must be communicated to impacted users quickly and transparently.
The GDPR also requires some organizations to appoint a dedicated Data Protection Officer (DPO). Consult with a GDPR expert to ascertain if your organization needs to appoint one.
A key theme that runs across all of GDPR is ‘Data Minimization’. That is to say, you should only hold the bare minimum personal information needed by you to offer your services effectively.
Additionally, personal data should only be maintained for the period necessary, and should be deleted once its utility is lost.
Today, data storage is inexpensive; as a result, modern systems and products tend to maintain data in excess, and for longer periods of time. We recommend you do a thorough audit of your data systems and logging strategy. We sure have!
What is Plivo doing to get GDPR ready?
Plivo has been working on a dedicated product roadmap that places customer consent, information security and data minimization at the very core of its communications platform.
Here are the key initiatives and product features, with details on how we are preparing to be compliant by May 25th 2018:
Access Control & Logging for Systems and Teams
Here at Plivo, our systems are designed on the principles of Microservices architecture. Interactions across hundreds of independent services are carefully choreographed to ensure the smooth functioning of a robust, fault tolerant and highly available system.
We’re cutting the excess fat off our services, making sure that each microservice only has access to the data it absolutely needs to do its work.
We’re assigning a unique signature to every data-access client in our system, and shall be logging every read/write operation carried out on our persistent datastores, as well as on our system caches.
Data access policies for individuals in the organization are as critical as, if not more critical than, those for our software services. We’re auditing the access levels of all individuals in the organization to ensure that people have access only to the data they absolutely require to do their job.
Message Redaction For Incoming and Outgoing SMS
While we’ve never in our history saved SMS message contents to our databases, we’re now offering our users the ability to control whether message contents and telephone numbers should be printed to Plivo debug (internal and external) logs.
The log parameter of the Send Message API, when set to False, disables logging of message content, and also ensures that the destination number is redacted from the Message Detail Record. This feature has been available to all our customers for over a year now.
Soon, you will also be able to configure whether incoming messages received on your Plivo numbers should be logged in our systems, or not.
This capability will be exposed in the form of an Application level setting, and would apply to all Plivo numbers associated with the Application. The source number from which the message originated would be redacted from Plivo logs and MDRs as well.
Role Based Access Control and 2FA
Your Plivo dashboard lets you track usage, access API credentials, debug technical problems, update billing information, download invoices, and much more.
We realize the need to ensure members of your organization have access only to the dashboard features and data that are relevant to their role in your organization. Your finance department does not require access to your Plivo API credentials, and your development team need not worry about billing and invoicing.
We shall soon be launching the all new Plivo management console with advanced user management features like Multi User Login, Single Sign On, Role Based Access Control and User Activity Logs.
For improved security, we will be enabling Two-Factor Authentication on the Plivo management console for all our customers by default.
Encrypted Storage For Recordings & Transcripts
Recordings and transcripts of your Voice calls can hold sensitive information pertaining to your end users.
Plivo hosts your voice recordings and transcripts on Amazon S3. All recordings will be encrypted at rest and securely stored in AWS S3 buckets.
Revised MDR and CDR archival processes
Going forward, Plivo will maintain MDRs and CDRs in its transactional databases for a period of 90 days only. MDR/CDR information in transactional databases is required for billing and accounting purposes, both by us and by our customers.
We feel that the utility of this data in our transactional databases is lost after 90 days, and hence shall be deleting it at the end of the 90-day period.
Redacted MDRs and CDRs will be archived for much longer time periods in our data warehouse. This means that the last 3 digits of the source and destination numbers shall be masked in the CDRs and MDRs maintained in our data warehouse.
We recommend that you extract MDRs and CDRs from the Plivo system within 90 days of generation if you intend to maintain this information at your end. Requesting MDRs and CDRs that are older than 90 days will involve a longer turnaround time, and the data provided will be redacted.
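As an added illustration (not Plivo's own code; the field names and the sample record are assumptions), here is how the two redaction rules described on this page fit together: the Send Message API behaviour when log is False (no content stored, destination redacted from the MDR), and the 90-day transactional retention followed by a warehouse copy with the last three digits of source and destination masked.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: one transactional Message Detail Record. The field
# names are an assumption for illustration, not Plivo's actual MDR schema.
SAMPLE_MDR = {
    "message_uuid": "00000000-0000-0000-0000-000000000001",  # placeholder id
    "src": "+14155550100",
    "dst": "+447700900123",
    "text": "Your one-time code is 482913",
    "created": datetime(2018, 1, 10, tzinfo=timezone.utc),
}

# Transactional databases keep MDRs/CDRs for 90 days only.
TRANSACTIONAL_RETENTION = timedelta(days=90)


def mask_last_digits(number: str, n: int = 3) -> str:
    """Replace the trailing n digits of a phone number with 'X'."""
    if len(number) <= n:
        return "X" * len(number)
    return number[:-n] + "X" * n


def build_mdr(raw: dict, log: bool) -> dict:
    """Shape the MDR as the Send Message API's log flag dictates:
    with log=False the message body is never stored and dst is redacted."""
    record = dict(raw)
    if not log:
        record["text"] = None
        record["dst"] = "REDACTED"
    return record


def redact_for_warehouse(record: dict) -> dict:
    """Produce the long-term archive copy: no content, last 3 digits masked."""
    archived = {k: v for k, v in record.items() if k != "text"}
    for field in ("src", "dst"):
        if archived.get(field) and archived[field] != "REDACTED":
            archived[field] = mask_last_digits(archived[field])
    return archived


def should_purge_transactional(record: dict, now: datetime) -> bool:
    """True once the record is older than the 90-day transactional window."""
    return now - record["created"] >= TRANSACTIONAL_RETENTION
```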
Data Security Audits
We’re getting all our systems and processes audited for GDPR compliance. Our objective is to have all personal data in our systems secured and encrypted, between our systems and at rest.
Revised Account Deletion Policy
We are reworking our internal and external processes to align with the GDPR requirements, to make sure that if you decide to close your account with Plivo, your data will be deleted from all Plivo systems, except where other laws (SOX compliance, legal requests, or taxation and accounting requirements) require us to keep it.
As per the new process:
- Account closure requests from customers in good standing will be addressed within 15 business days.
- Personal data in third party systems will be deleted.
- Usage data (CDRs, MDRs, Debug logs) and billing history (invoices, transaction logs) will be maintained for a period of 90 days from account closure.
- All other identifiable data associated with the customer will either be deleted or redacted from our databases.
As your communications partner, we understand that our compliance with GDPR is critical for your business. We are making all the efforts to ensure your customer data stays safe, while also being mindful about keeping things simple for developers. We will continue to share regular updates about upcoming changes. If you have specific questions about our GDPR readiness roadmap, write to us at firstname.lastname@example.org.
Disclaimer: None of the content above is legal advice. Please seek legal counsel for specific recommendations related to GDPR compliance.