In Context

The next-generation communications blog from Nexmo

How Nexmo Is Preparing for GDPR

December 14, 2017

Last month, Nexmo published a blog post explaining what GDPR compliance is, what it means for communications, and how our customers should think about the regulation. The following blog post provides more specific information about what we’re doing with our platform and product portfolio to make sure we’re ready for GDPR, as well as the ways in which we’re helping our customers prepare their companies for GDPR.

GDPR and how it relates to Nexmo

As a communication platform, Nexmo securely manages your communication with customers. In preparation for GDPR, we’ve identified platform and product requirements that are critical for your company to address, including:

  • Access control
    • Access to data should only be given to appropriate staff and systems that need the data for work-related purposes.
  • Data retention
    • All communications data should be deleted after it is no longer necessary for the purpose of processing, unless retention is otherwise required by law.
  • Data redaction and deletion
    • In addition to any data retention policy, companies need the ability to erase personal data on request.
  • Encrypted communication
    • Communications, including any personal data, should be protected with appropriate technical and organizational measures, including, as appropriate, encryption or pseudonymization of personal data.
  • Audit and logs
    • Access to personal data should be logged and reviewed.

How is Nexmo preparing for GDPR?

Here is how Nexmo is preparing for each of the identified platform and product requirements:

  • Access control
    • We ensure that only authorized machines and staff can access the systems and information needed to provide a world-class communications platform. We use granular access control and user roles to enforce who sees the information and what information they can see. In addition, access will be audited to ensure no inappropriate access to information has occurred.
  • Data retention
    • Call detail records are available immediately to allow our customers to troubleshoot and report on their usage. We are implementing processes to automatically redact or delete records that no longer have relevance to the provision of services to our customers, where permitted by law.
  • Data redaction and deletion
    • Nexmo will be introducing several products that give our customers the option to decide when their data is redacted or deleted. These products will enable our customers to manage their compliance needs more easily, without any additional software development.
  • Security of customer data
    • Requests through Nexmo’s RESTful API are encrypted, as is access to a customer’s dashboard.
  • Audit and logs
    • We keep track of who accesses our customers’ data and where it goes within our platform. User events are stored so customers can access and audit events related to their accounts.

New data protection products to make compliance easier for you

Nexmo enables communications for global companies. Whether they work in banking, healthcare, or technology, we understand how important data security is for our customers. That’s why we’re using GDPR as an opportunity to enhance data management and security for all of our customers. To that end, we’re introducing several new products that give users more control of their data and simplify GDPR compliance for their organizations:

  • The Redact API will help customers remain in compliance by letting them redact the phone number and message body through an API call.
  • The Audit Event API will offer programmatic access to user events related to customer accounts, enabling users to build SIEM-capable services and alerts.
  • As part of our Enterprise Package, customers will have the ability to choose from several data redaction options, including the option to automatically redact all communication data immediately or after a pre-set period of time, further simplifying the compliance process.

Nexmo understands the importance of data security and compliance. Our entire organization, including our legal, product, and support teams, will continue to be here to assist with our customers’ GDPR compliance efforts now and into 2018.
