The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. The GDPR itself is an overarching set of regulations aimed at protecting the data privacy of all European Union citizens. It also covers the transfer or export of personal data outside of the EU and includes structural incentives for global compliance. The GDPR was proposed more than six years ago and endured several negotiation processes before finally being adopted by the European Parliament on April 27, 2018.
This regulation impacts businesses worldwide. Is your business prepared?
To experts, the passage of the GDPR represents an important moment for national- and international-scale cybersecurity efforts. According to the Wall Street Journal, the GDPR will impact “virtually every company in any sector around the world that processes the personal data of EU residents.” Given the potential widespread impact of these regulations on the digital landscape, not to mention on global financial markets, let us look at how GDPR standards will affect the telecom expense management (TEM) industry, highlighting the six things you need to know about how the GDPR will influence TEM in 2018 and 2019.
GDPR and TEM
Your telecom expense management systems require intense amounts of data and digital infrastructure to operate seamlessly within your business. With the implementation of new GDPR standards, TEM is set to change in several dramatic ways.
- To strengthen individual rights of EU citizens, the GDPR mandates that companies no longer have the right to hold an individual’s personal information without their permission. During the data collection phase of one’s mobile engagement, businesses must now provide explicit instructions outlining how participants can opt out of the system altogether. Their preference must be confirmed with an affirmative action, rather than a simple opt-out selection.
- Right to Be Forgotten. Have you ever tried to unsubscribe from an email list or delete an online account, only to keep being retargeted for the same services several weeks or months later? Beginning with the GDPR, that experience could be a thing of the past, as EU citizens now have the ‘right to be forgotten.’ This rule states that individuals have the right to know where their data is stored and can choose whether or not the data is removed or deleted from a company’s database. In the case of TEM, it will be important for businesses to consider the modular aspects of their data storage and figure out new ways to house sensitive personal data most efficiently.
- Telecom Expense Tracking. Funds allocated for use in an employee’s telecom expense account are no longer considered fungible under the GDPR. Each transaction on a person’s behalf must be delineated and approved by them in writing. TEM service providers will have to improve their recordkeeping to maintain a log of any EU-based personal data that passes through their system.
- Data Protection Impact Assessments (DPIAs). Article 35 of the GDPR sets up the requirement that in any situation where a person’s information may be at high risk, the controller of that information must carry out an assessment measuring the possible impact of handling that information. The assessment must outline what security measures are being taken to ensure data privacy. Telecom expense management teams deal with huge amounts of sensitive and personal data. For them to meet the GDPR’s requirements, TEM providers are rethinking their approach to privacy, integrating new standards and refreshing outdated IT functionalities.
- The GDPR also initiates a new fee structure to ensure compliance with new regulations. For minor infractions, fines can total up to 2 percent of annual worldwide turnover in a previous fiscal year or as much as 10 million euros; for major infractions, they can total as much as 4 percent of annual worldwide turnover or as much as 20 million euros. The strength of these fees is intended to invalidate any attempts by large organizations to factor in the cost of compliance against the cost of litigation.
The potential impact of these new GDPR regulations on the telecom expense management (TEM) industry will be widespread, and it is important that businesses prepare for systemic changes in the way they handle sensitive data. Companies across the globe will need to retool and reassess their data protection protocols in order to keep pace with evolving standards.
Is your business ready for GDPR? Contact one of our experts today for a free assessment of your TEM needs and to learn how your company can prepare for these and other changes.