by jorge.cabaleiro

GDPR has been a hot topic in the last few months, and companies are often still trying to understand the impact of this new regulation on their day-to-day operations. In a previous blog post we spoke about the compliance problem of mainstream messaging apps when used in an enterprise environment. In this entry I would like to talk about the main points any enterprise should consider before deploying a communications tool:
- Keep the data where it belongs: reduce risks by keeping all contacts, conversations and files under control. This is especially important if you are recording calls or working in sectors that deal with sensitive information. The best place to store all this data is your own datacenter or private cloud. By doing so you will not have to worry about unknown data leaks or unclear third-party data processing policies that can harm your data protection policies.
- Track interactions: monitor how data and information move, what information is being kept and what left the company, who had access to that data and whether any leaks happened. Having access to logs, chat history, shared documents and other interactions can help spot malicious activities. Make sure you know whether information ended up in a country outside the EU and what specific information ended up there. This will allow you, if you are investigated, to prove that you are able to oversee how your company data flows.
- Restrict access to sensitive data: pay attention to who is accessing data. A properly configured UC tool can have different access levels depending on the department. This also ensures that people who have access to that information are properly trained.
- Delete what you don’t need: if a client asks you to delete their data, make sure you can effectively do so. The same applies to old data you don’t need anymore. Be careful when working with third parties: sometimes it is not easy to know for how long they might keep that data or for what purposes. Find a way to make sure that if a customer wants to be forgotten, all that information is truly deleted.
- Give your customers their data back: when dealing with personal information, your customers have the right to know what data is being stored and for what purposes that information is being kept. You also need to be able to correct information in case it is not up to date. Make sure you can access and correct all that data and that you can give your customer that information.
Ensure that your communications solution complies with these terms to avoid fines, and make certain that your employees use a GDPR-compliant tool for communication. One of the options to achieve this is to use Sippo collaborator, the unified communication solution developed by Quobis. Sippo collaborator is an enterprise multi-device communication tool deployed on the local premises or your private cloud.
Sippo collaborator can be connected with the existing PBX and call center platforms, allowing full integration into the company communications infrastructure. Merge it with your active directory, create rules, limit access and have all your colleagues at one tap; integrate it with your CRM system and directly connect with customers. Because it is running from inside the enterprise cloud, the data never has to leave the company. This allows you to keep track of the data flow, retain control of information held and fully comply with data erasure and data processing requirements.