The General Data Protection Regulation (GDPR) takes effect on May 25. If your organization maintains or processes the personal information of EU citizens, you need to take GDPR into account.
What is GDPR?
GDPR is a comprehensive set of policies designed to safeguard the privacy of EU citizens. Several key principles are at the core of GDPR:
If you collect and/or process personal information such as telephone numbers, IP addresses, or email IDs, then you must ensure that you do so only with the clear and specific consent of your users.
The onus is on you to ensure that your users know exactly what they’re signing up for, so consider simplifying the language of your terms of service and clearly spelling out what personal data you intend to hold and process. Don’t have that checkbox preselected, and implement double opt-in for marketing communication.
Specifically, the GDPR grants these rights to every EU citizen:
- The right to be informed about what personal data you intend to maintain, why access to that data is required, and how you intend to process it.
- The right of access to the personal data that you hold about them, at no extra cost.
- The right of rectification of inaccuracies in their personal information.
- The right to erasure of their personal information from your systems, and third-party systems to which this data may have been propagated.
- The right to restrict processing of their personal data.
- The right to data portability.
- The right to object to further processing of their personal data.
- Rights regarding automated decision-making.
The GDPR requires businesses to take measures to ensure a high level of information security. If you save or process the personal data of EU citizens, you are accountable for securing this data per industry best practices.
Access logs should be maintained for operations carried out on the personal data of EU citizens. Any data breach must be communicated to impacted users quickly and transparently.
The GDPR also requires some organizations to appoint a dedicated data protection officer (DPO). Consult with a GDPR expert to ascertain whether your organization needs to appoint one.
A key theme that runs across all of GDPR is data minimization — you should hold only the bare minimum personal information you need to offer your services. Additionally, personal data should be maintained only for the period necessary, and should be deleted once its utility is lost.
Today, data storage is inexpensive, and as a result modern systems and products tend to maintain data in excess, and for longer periods of time. We recommend you do a thorough audit of your data systems and logging strategy. We sure have!
What’s Plivo doing to get GDPR-ready?
Plivo has been working on a product roadmap that places customer consent, information security, and data minimization at the core of its communications platform.
Here’s how we’re preparing to be compliant by May 25:
Access control and logging for systems and teams
Plivo’s systems are designed on the principles of microservices architecture. Interactions across hundreds of independent services are carefully choreographed to ensure the smooth functioning of a robust, fault-tolerant, highly available system.
We’re cutting excess fat off our services, making sure that each microservice has access only to the data it needs to do its work.
We’re assigning a unique signature to every data access client in our system, and logging every read/write operation carried out on our persistent datastores, as well as on our system caches.
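The pattern described above, one signature per data access client and an audit entry for every read and write, as an added illustration in Python. This is not Plivo's code: the store, the signature scheme (a digest over service name and deployment) and the JSON log layout are assumptions made for the example. Note that the audit entry records which key was touched, not the stored value, so the access log itself does not become another copy of the personal data.

```python
"""Per-client access logging for a persistent datastore (added example)."""
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ClientSignature:
    """Identity of a service that accesses the store.

    Assumed scheme: a short digest over service name and deployment, so two
    deployments of the same service remain distinguishable in the audit trail.
    A production system would bind the signature to a credential instead.
    """
    service: str
    deployment: str

    @property
    def value(self) -> str:
        raw = f"{self.service}@{self.deployment}".encode()
        return hashlib.sha256(raw).hexdigest()[:16]


@dataclass
class AuditedStore:
    """Minimal key-value store where every read and write is logged."""
    _data: dict = field(default_factory=dict)
    _log: list = field(default_factory=list)

    def _record(self, client: ClientSignature, op: str, key: str, ok: bool) -> dict:
        # Log who did what to which key; never log the value itself.
        entry = {
            "ts": time.time(),
            "client": client.value,
            "service": client.service,
            "op": op,
            "key": key,
            "ok": ok,
        }
        self._log.append(entry)
        return entry

    def read(self, client: ClientSignature, key: str):
        ok = key in self._data
        self._record(client, "read", key, ok)   # misses are logged too
        return self._data.get(key)

    def write(self, client: ClientSignature, key: str, value) -> None:
        self._data[key] = value
        self._record(client, "write", key, True)

    def accesses_to(self, key: str) -> list:
        """Answer "who touched this record?", the question a subject access
        request or a breach investigation asks."""
        return [e for e in self._log if e["key"] == key]

    def export_log(self) -> str:
        """One JSON object per line, ready for shipping to a log pipeline."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self._log)


if __name__ == "__main__":
    svc = ClientSignature("sms-router", "eu-west-1")   # constructed sample
    store = AuditedStore()
    store.write(svc, "user:42:phone", "+14155550100")   # constructed sample
    store.read(svc, "user:42:phone")
    print(store.export_log())
```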
Data access policies for individuals in the organization are as critical as those for our software services. We’re auditing the access levels of all individuals in the organization to ensure that people have access only to the data they require to do their jobs.
Message redaction for incoming and outgoing SMS
While we’ve never saved SMS message contents to our databases, we’re now offering our users the ability to control whether message contents and telephone numbers should be printed to internal and external debug logs.
The log parameter of the Send Message API, when set to false, disables logging of message content and also ensures that the destination number is redacted from the message detail record (MDR). This feature has been available to all of our customers for more than a year now.
Soon, you’ll also be able to configure whether incoming messages received on your Plivo numbers should be logged in our systems. We’re exposing this capability in the form of an application-level setting, which applies to all Plivo numbers associated with the application. The source number from which the message originates is redacted from Plivo logs and MDRs as well.
Role-based access control and 2FA
The Plivo console lets you track usage, access API credentials, debug technical problems, update billing information, and download invoices. Members of your organization should have access only to the console features and data that are relevant to their role in your organization. Your finance department doesn’t require access to your Plivo API credentials, and your development team need not worry about billing and invoicing.
We’re launching a new Plivo management console with advanced user management features such as multiuser login, single sign-on, role-based access control, and user activity logs.
For improved security, we’re enabling two-factor authentication on the Plivo console for all of our customers by default.
Encrypted storage for recordings and transcripts
Recordings and transcripts of your voice calls may hold sensitive information pertaining to end users. Plivo hosts your voice recordings and transcripts on Amazon S3. All recordings are encrypted at rest and securely stored in AWS S3 buckets.
Revised MDR and CDR archival processes
MDR and CDR information in transactional databases is required for billing and accounting purposes by us and our customers. We feel that the utility of this data in our transactional databases is lost after 90 days, so Plivo will maintain MDRs and CDRs in its transactional databases for a period of 90 days only.
Redacted MDRs and CDRs will be archived for longer time periods in our data warehouse. The last three digits of the source and destination numbers will be masked in the CDRs and MDRs maintained in our data warehouse.
We recommend that you extract MDRs and CDRs from the Plivo system within 90 days from generation if you intend to maintain this information at your end. Requests for MDRs and CDRs that are older than 90 days will involve a longer turnaround time and the data provided will be redacted.
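The two redaction rules described in this post, the per-message log flag that keeps message text and the end-user number out of debug logs, and the warehouse rule that masks the last three digits of source and destination numbers, as an added Python example. This is not Plivo's code: the MDR field names, the "[REDACTED]" marker and the sample record are assumptions constructed for the illustration. The example generalizes slightly beyond the text by treating inbound and outbound messages with the same function (destination redacted for outbound, source for inbound, as the two settings in the post describe).

```python
"""Redaction helpers for message detail records (added example)."""
from __future__ import annotations

import copy
import re

MASK_DIGITS = 3                 # the post: last three digits are masked
REDACTED = "[REDACTED]"         # assumed marker for a fully redacted number
E164 = re.compile(r"^\+?\d{6,15}$")

# Constructed sample record, not a real MDR.
SAMPLE_MDR = {
    "message_uuid": "00000000-0000-0000-0000-000000000000",
    "direction": "outbound",
    "src": "+14155550100",
    "dst": "+442079460000",
    "text": "Your verification code is 123456",
    "units": 1,
}


def mask_number(number: str, digits: int = MASK_DIGITS) -> str:
    """Replace the trailing `digits` digits of a phone number with 'X'.

    Anything that does not look like a phone number is rejected with
    ValueError, so a malformed record fails loudly instead of being archived
    unmasked.
    """
    if not E164.match(number):
        raise ValueError(f"not a phone number: {number!r}")
    return number[:-digits] + "X" * digits


def redact_for_log(mdr: dict, log: bool = True) -> dict:
    """Return the form of an MDR that may be written to debug logs.

    log=True returns an unchanged copy. log=False drops the message text
    entirely and redacts the end-user's number: the destination for outbound
    messages, the source for inbound ones. The input record is never modified.
    """
    out = copy.deepcopy(mdr)
    if log:
        return out
    out.pop("text", None)
    party = "dst" if out.get("direction", "outbound") == "outbound" else "src"
    if party in out:
        out[party] = REDACTED
    out["redacted"] = True
    return out


def mask_for_warehouse(mdr: dict) -> dict:
    """Return the long-term archival form of an MDR.

    Message text is never archived, and both numbers have their last three
    digits masked. A number already redacted at the debug-log stage is kept
    as is rather than being passed to mask_number.
    """
    out = copy.deepcopy(mdr)
    out.pop("text", None)
    for party in ("src", "dst"):
        if party in out and out[party] != REDACTED:
            out[party] = mask_number(out[party])
    return out


if __name__ == "__main__":
    print(redact_for_log(SAMPLE_MDR, log=False))
    print(mask_for_warehouse(SAMPLE_MDR))
```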
Data security audits
All of our systems and processes are being audited for GDPR compliance. Our objective is to have all personal data in our systems secured and encrypted both in transit between our systems and at rest.
Revised account deletion policy
We’re reworking our internal and external processes to align with the GDPR requirements to make sure that if you decide to close your Plivo account, your data will be deleted from all of our systems, except where other laws (SOX compliance, legal requests, taxation and accounting) require us to keep it.
As per the new process:
- Account closure requests from customers in good standing will be addressed within 15 business days.
- Personal data in third-party systems will be deleted.
- Usage data (CDRs, MDRs, debug logs) and billing history (invoices, transaction logs) will be maintained for a period of 90 days from account closure.
- All other identifiable data associated with the customer will either be deleted or redacted from our databases.
As your communications partner, we understand that our compliance with GDPR is critical for your business. We’re taking all of these steps to ensure your customer data stays safe, while also being mindful about keeping things simple for developers. We’ll continue to share updates about upcoming changes. If you have questions about our GDPR readiness roadmap, write to us at firstname.lastname@example.org.
Disclaimer: None of the content above is legal advice. Please seek legal counsel for specific recommendations related to GDPR compliance.