On May 25, 2018, organizations across EU member states will need to comply with the new General Data Protection Regulation (GDPR). Non-compliant organizations, regardless of their size and industry, can face fines of up to 4% of their annual turnover or €20 million – whichever is higher.
TeleMessage clients have our full commitment to help them meet their GDPR regulatory requirements, especially in the areas of secure messaging and recordkeeping.
Our mission-critical solutions enable our clients and end customers to use the necessary tools and features that will ensure a GDPR-compliant mobile phone text and call archiving solution. TeleMessage tools and features include comprehensive reporting, audit trails, traceability, and archiving solutions that can be fully integrated within the organization’s existing data archiving system.
TeleMessage also sees GDPR as an opportunity to aid our clients in transforming their digital and mobile business activity. Data protection is a critical aspect of a digital enterprise, and through our solutions, our clients are able to secure their data – all while maintaining compliance and meeting the competitive requirements of today’s market.
GDPR Key Terminology and Definitions
The first step in understanding what the GDPR entails is to be familiar with the lexicon used in the new regulation. At this point, bear in mind that this post does not constitute legal advice and is intended, and should be used, for general purposes only.
- Data Controller – The entity that determines the purposes, conditions, and means of the processing of personal data.
- Data Processor – The entity that processes data on behalf of the Data Controller.
- Personal Data – Any information related to a natural person or ‘Data Subject,’ that can be used to directly or indirectly identify the person.
- Consent – Freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal
- Data Subject – A natural person whose personal data is processed by a controller or processor. These are the people who may ask to release, edit or delete the personal information stored on an organization’s servers.
- Right to be Forgotten – Data subjects have the right to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
- Right to Access – Also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
- Personal Data Breach – A breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data.
GDPR: Opt-in and Its Implication on SMS Archiving
As discussed in our previous post, GDPR has a wide-ranging impact that will change how organizations capture and maintain information from their customers. The key points of GDPR that companies must focus on with regard to data archiving include its increased territorial jurisdiction, the right to be forgotten and right to access by data subjects, the mandatory breach notification, and ultimately – the request for consent.
An organization cannot send an SMS message to anybody unless they have provided consent. Consent can be obtained in two ways: soft opt-in and hard opt-in. The soft opt-in is where the firm may already have someone’s contact information because they are a current or past customer of the business. If the business has someone’s details because they wanted to inquire about a product or service, even though they did not purchase, then this would also be considered a soft opt-in.
On the other hand, a hard opt-in is where the firm specifically requested their customer’s permission to send them SMS messages, and they supply their approval (through a tick box on the firm’s website or a form). It must also be as easy to withdraw consent as it is to give it.
It is extremely critical for companies to keep a clear record of when and how they got consent from their clients. In the event of litigation, such a record can help the company prove its compliance with GDPR requirements.
Get in Touch
TeleMessage is a global leader in enterprise mobile messaging solutions that offer robust and holistic mobile archiving platforms. Our Mobile Archiver is equipped with features that enable organizations to comply with GDPR archiving requirements such as automatic deletion of records in case a customer decides to opt out, data extraction and tagging, end-user notification in case of breach, and advanced data security options for maximum protection of customer data.
Visit our website today at www.telemessage.com to learn how our platforms can help you achieve compliance with the imminent GDPR implementation.