image-description
Return to Blog

Plivo GDPR Update CDR & MDR Compliance - Done

TAGS :
, Written by

GDPR comes into effect on May 25th 2018, and we at Plivo are hard at work to ensure that our systems are fully compliant with key data protection principles highlighted in the GDPR.

One of the most critical aspects of GDPR is Data Minimization. We are happy to share that we have completed all the key changes to our data retention policies for Call Detail Records (CDRs) and Message Detail Records (MDRs) as per GDPR compliance requirement.

Starting May 5th 2018, Call Detail Records (CDRs) and Message Detail Records (MDRs) will be retained in our transactional databases for a period of 90 days only.

Present Behavior

At present, all CDRs and MDRs are stored in our transactional databases. This means, customers are able to fetch CDRs & MDRs via API and the Plivo console for any date range of their choice, going as far back in time as they wish.

CDRs and MDRs are used by our customers to analyze usage behaviour, quality parameters and also as input to their accounting/billing systems. As part of our analysis, we looked at how customers query for CDRs/MDRs and the typical look-back period. The results showed that more than 98% customers never query the data beyond first 90 days.

Upcoming Changes

Starting May 5th 2018, CDRs and MDRs will only be retained in the transactional databases for a period of 90 days from the actual date they were created. This means that existing CDRs and MDRs that are older than 90 days will be purged from our transactional databases starting May 5th 2018 and hence will not be accessible via our API or the Plivo console thereon.

CDRs and MDRs are used by our customers to analyze usage behaviour, quality parameters and also as input to their accounting/billing systems. As part of our analysis, we looked at how customers query for CDRs/MDRs and the typical look-back period. The results showed that more than 98% customers never query the data beyond first 90 days. This formed the basis of deciding the 90 day retention period for the records.

Data Archival Process

While our transactional databases shall contain MDR/CDRs generated in the last 90 days only, redacted MDR/CDRs will be persisted in Plivo data warehouses for up to two years.

The redacted MDR/CDRs will have the last three digits of the From and To numbers masked.

For example, a CDR in our data warehouse looks like this:

Voice Call Detail Record (CDR)

Call UUID Parent Call UUID From To Call Direction Time Call Duration Bill Duration Call Rate Call Charge
a19e4bbb-42a3-11e8-88f3-69eaaa168218 None 17186647*** 14013154*** inbound 2018-04-18 01:58:45+01:00 6 60 0.0085 0.0085


SMS Message Detail Record (MDR)

Call UUID Parent Call UUID From To Call Direction Time Call Duration Bill Duration Call Rate Call Charge
a19e4bbb-42a3-11e8-88f3-69eaaa168218 a19e4bbb-42a3-11e8-88f3-69eaaa168218 17186647*** 14013154*** outbound 2018-04-18 01:58:45+01:00 1 0.005 0.005 0.005

Accessing CDRs/MDRs older than 90 days

Starting May 5th 2018, CDRs/MDRs older than 90 days will not be available via the GET CDR/MDR APIs and the Plivo console.

For now, requests for data older than 90 days can be be raised using the Plivo Support Portal. Note that such data requests will be processed offline. The MDR/CDR data shared will be in the redacted form.

Our commitment to GDPR

As your communications partner, we understand that our compliance with GDPR is critical for your business. We are making all the efforts to ensure your customer data stays safe, while also being mindful about keeping things simple for developers. We will continue to share regular updates like this about upcoming changes. If you have specific questions about our GDPR readiness roadmap, write to us at gdpr@plivo.com.

Read more about how Plivo is preparing to protect your data as per GDPR requirement here.


comments powered by Disqus