Roscom and GDPR – We’re prepared for compliance!
We’ve all read the stories in the media about companies which have been hacked. From banks to supermarkets, hotel chains to credit agencies, no sector is safe. In telecoms we need to ensure we are doing all we can to protect clients’ data. It’s not just about the new GDPR (General Data Protection Regulations) which comes into force next month. It’s about the reputation of our sector.
It is one of the reasons our team at Roscom have decided to appoint a Data Protection Officer. We already have robust policies and technologies in place to protect our clients’ data but what we asked ourselves was – “could we do more to assure our clients their data is safe with us?”
Mention GDPR and you get one of two reactions. Fear from the regulators or Flight from the responsibility.
Fear: It is true companies can be fined if they are careless with data regarded as personal, i.e. that which could identify an individual. In the UK the regulator, the ICO (Information Commissioner’s Office), has already handed out monetary penalties, enforcement and prosecutions for those who have breached the current rules. It has also asked some organisations, e.g. WhatsApp, to sign an undertaking to ensure it is GDPR compliant (once the regulations come into play) in the way it shares data with its owner, Facebook.
Flight: There are still companies who are ignoring the fact that GDPR is galloping towards us and are burying their heads in the sand. But you can’t run forever. The new rules mean if you are in the supply chain then you are responsible for protecting the data which comes across your desk. You have the same duty of care to safeguard that asset as if it was your own. There is no getting away from it.
At Roscom we know telecoms providers trust us to look after the data they supply to help them maximise revenue and minimise fraud. But we also know there is a reluctance in the industry to let companies see the fullest picture of their traffic i.e. data and phone calls because of the fear of what might happen to that information once it is out of their hands.
For us the solution was simple. We looked at two ways in which a data breach could happen in any organisation – human error and system weakness.
Tightening the System: We already have software which removes PII (Personally Identifiable Information) even before it comes into our systems. When we run tests on our clients’ data we ensure there is no personal data. Anything sensitive is stripped out beforehand. This is how our hardware has been designed and it works. In the light of GDPR our technical team have reviewed, designed and developed our new technology to take that one stage further. It means clients can give us the full traffic and be sure they are not handing over anything which is in breach of the new GDPR rules.
Staff Responsibility: Humans make mistakes. Data can be lost, sent out in error or misplaced. It can be hacked. Ensuring staff understand their responsibilities around GDPR is vital. Our compliance officer is undergoing full formal training for GDPR compliance. His job is alerting our teams as to what constitutes a data breach, how to avoid it and what they need to do to keep data protected under the new rules. However, we have also gone one step further. This month he is becoming a Data Protection Officer within the company. This means, without fear or favour, he will be an independent guardian/watchdog, protected by law to protect our clients’ data. He will monitor internal compliance and report only to the highest authority in the company.
It’s a bold move but when it comes to protecting data it is important that our link in the telecoms supply chain is strong. This isn’t about ticking boxes. It’s about putting the right people and processes in place to provide a culture of respect and responsibility for the rights of individuals, while successfully helping our clients.
Mandy Blackburn, Operations Director at Roscom.