With the EU’s long-awaited General Data Protection Regulation (GDPR) coming into force in May 2018, firms in every sector need to start thinking differently about how they capture, store and use customer data. The telecoms industry is no exception.
While it would be comforting to regard network numbering and addressing as non-sensitive data, a whole slew of countries take the opposing view. As customer numbers can be correlated against a host of personal details, like a user’s international mobile subscriber identity (IMSI), many believe they do qualify as personally identifiable information.
GDPR sets tough provisions for the treatment of such data, putting the onus on data controllers and processors to demonstrate they’ve built in adequate security controls to protect customer privacy.
A fine day for telecoms
GDPR isn’t a regulation any business should be keen to violate. Depending on the circumstances and seriousness of a breach, the potential fines can reach €20,000,000 or 4% of worldwide turnover. Firms should also be prepared for news of any breach to be made public, something that could do considerable damage to their industry reputation.
Facing such high stakes, operators are understandably clamping down on what used to be relatively free-and-easy access to their databases via home location register (HLR) lookups. Already, this is making it harder for some well-established applications to work effectively, denying them rapid access to basic subscriber information that’s vital for the efficient delivery of traffic, as well as validation and verification.
The race for security
Given the inherently insecure nature of HLR queries, the telecoms industry is vigorously searching for an alternative that can fulfil the same requirements without compromising sensitive data. Access to a consistent, secure platform for number portability information is now a critical concern. Operators and enterprises rely on easy access to number data not just to keep legacy services like voice and SMS messaging running smoothly, but also to build next-generation applications that can amaze subscribers with fresh capabilities.
We believe the most viable HLR alternative is a centralised, cohesive database for number portability information that can be easily queried by players across the mobile ecosystem. However, any such platform needs to incorporate ‘privacy by design’ to stay on the right side of GDPR.
A data processor must have a highly secure approach to the end-to-end information flow and be able to track where a piece of information came from, where it went to and how it’s being used. Since EU citizens, or ‘data subjects’, will also be able to request the deletion of their data under GDPR, data processors must know exactly what data they’re holding and where it’s stored, so it can be easily found and removed.
With GDPR pitting the need for security and compliance against the ability to create and deliver popular mobile services, a careful balance needs to be struck. This challenge has yet to be solved, but at XConnect we’re committed to driving fresh innovation that will do just that: enabling players across the telecoms ecosystem to empower subscribers with both stronger security and stronger services.