Of late, with the new EU General Data Protection Regulation (GDPR), data protection is no longer a luxury for telecom operators. The GDPR is designed to enable and ensure better control and privacy of personal data. But with the law comes a lot of noise and misinformation. A recent survey found that more than 50% of professionals were unable to accurately identify what the initials GDPR meant. Yet many believe that this regulation is the most important change in data privacy regulation in the last 20 years.
The explosion of information due to the proliferation of smart and connected devices is generating vast amounts of customer and business data that is highly confidential in nature. Telcos are under obligation not to obtain or use personal data for any purposes other than their service activities. Telcos also have the responsibility to delete customer information once a customer has ended their service with them.
Telcos are therefore well advised to adopt a policy-driven, on-demand approach to proactively protect sensitive data from loss. This includes de-identifying sensitive personal data to protect data privacy and support compliance, especially for personally identifiable information (PII) associated with customers, such as: name, address, telephone/mobile number, driver license number, date of birth, photo combined with fingerprint, bank/financial/credit card details, national/social insurance number, passport number, SSN, or one or more factors specific to the physical, physiological, genetic, mental, economic or cultural identity of that person.
The risks of non-compliance include financial and legal consequences, along with potentially damaging impacts on the reputation of the telcos.
Large telcos operating across multiple countries face particular challenges from GDPR. For one, cloud computing architectures add layers of complexity, because of mandates about information not leaving the home country of the customer, or IP addresses being interpreted as personal data. As a result, implementing data privacy policies is complicated and costly.
So what is the solution? Telcos are trying out techniques like tokenization and encryption internally within their networks to limit where sensitive customer data flows and so ensure compliance. This hides sensitive information before it is sent to public applications and replaces data with meaningless values. The important thing is to not be like the ostrich who puts its head in the sand: GDPR can't be ignored. Work with your software vendors to make sure that your customers' data in the EU is protected.
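As an added illustration of the tokenization approach described above (not code from the original article or from any vendor), the example below replaces PII fields in a subscriber record with keyed tokens before export and drops the token mappings when a customer ends service. The `TokenVault` class, the field names and the sample record are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

# Field names are assumptions for this example, based on the PII types listed above.
PII_FIELDS = {"name", "address", "msisdn", "date_of_birth", "passport_number"}


class TokenVault:
    """Replaces PII values with meaningless tokens; the mapping stays inside the network."""

    def __init__(self, key: bytes):
        self._key = key
        self._by_token = {}  # token -> (customer_id, original value)

    def _token(self, customer_id: str, field: str, value: str) -> str:
        # Keyed HMAC: the same customer/field/value always yields the same token,
        # but the token cannot be reversed or recomputed without the key.
        raw = f"{customer_id}\x00{field}\x00{value}".encode()
        return "tok_" + hmac.new(self._key, raw, hashlib.sha256).hexdigest()[:24]

    def tokenize(self, customer_id: str, record: dict) -> dict:
        out = dict(record)  # non-PII fields pass through unchanged
        for field in record.keys() & PII_FIELDS:
            token = self._token(customer_id, field, str(record[field]))
            self._by_token[token] = (customer_id, record[field])
            out[field] = token
        return out

    def detokenize(self, token: str):
        entry = self._by_token.get(token)
        return entry[1] if entry else None

    def forget(self, customer_id: str) -> int:
        """Drop every mapping for a customer who has ended service."""
        stale = [t for t, (cid, _) in self._by_token.items() if cid == customer_id]
        for t in stale:
            del self._by_token[t]
        return len(stale)


# Constructed sample record, not real customer data.
SAMPLE = {"name": "Alex Example", "msisdn": "+3225550100",
          "address": "1 Sample Street, Brussels", "plan": "prepaid-10GB", "data_used_mb": 4211}

if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))
    print(vault.tokenize("cust-001", SAMPLE))
```

After `forget()` runs, tokens already present in exported data can no longer be resolved through the vault, while non-PII fields such as the plan and usage figures remain usable downstream.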