XConnect Global Networks is a data controller in the enterprise messaging marketplace. The Mobile Ecosystem Forum (MEF), an impartial trade body addressing issues in the mobile ecosystem, recently invited us to participate in a Connects Digital webinar on March 15th to discuss the effects of the General Data Protection Regulation (GDPR) on mobile enterprise messaging.
Tim Greene, Features Editor at the MEF, hosted and led the panel consisting of three experts: Professor Daniel Solove (GDPR expert at TeachPrivacy), Rob Malcolm (VP Marketing & Online Sales at CLX Communications), and Lee Suker (Market Development Director & Data Protection Officer at XConnect).
The webinar had a great turnout with over 300 attendees. We are grateful to those who listened in and participated, making the webinar worthwhile and engaging. If you missed the webinar, you can find a link to the YouTube video and the transcribed highlights from the MEF here.
The audience posed many interesting questions during the webinar. It would be useful to elaborate further on some of responses provided by Lee Suker.
A feature of the General Data Protection Regulation (GDPR) is Joint & Several Liability. One opinion on what is Joint & Several Liability is expressed in a blog, Managing Unlimited Demands for Unlimited Liability in GDPR Contracts, by Fieldfisher. In practice, this could mean that an organisation in the processing chain would find themselves on the hook for sanctions and litigations resulting from a breach by another organisation in the chain. In order to protect your organisation, you must choose your suppliers carefully, perform due diligence on them, include clauses in your contract to protect your business, and ensure you trust all organisations associated with you.
Lee was asked whether GDPR was a good thing. GDPR empowers data subjects. Trust is brand attribute, and GDPR provides a mechanism to put trust on a company’s balance sheet. Consequently, it is likely to dissolve some untrustworthy companies, which will create market space for trusted organisations. GDPR is also designed to protect and grow our digital economy, which can only be a good thing.
As part of XConnect’s preparations for GDPR, Lee runs our Privacy Governance board. One of the board’s projects is to prepare all aspects of the business for GDPR compliance. We have adopted a risk based methodology designed to protect data subjects, our suppliers, and our customers. We run a regular governance board, and we have privacy-by-design built into all our business operations. It requires diligence, resources, and complete support from the executive board. There are some great solution frameworks designed to help organisations achieve GDPR compliance. A couple of useful reference for framework and tools is Nymity’s Accountability Roadmap for Demonstrable GDPR Compliance and the ICO’s Preparing for the General Data Protection Regulation (GDPR) 12 Steps to Take Now.
XConnect has integrated GDPR principles into all our Number Information Services (NIS), technology platform, and product roadmap. Our three Number Information Services utilise privacy-by-design in the development, design, and implementation. This includes maintaining GDPR compliance throughout data storage, locations, retention, access rights, use cases, etc.
XConnect helps SMS A2P communication providers validate numbers and optimise routing. Our Number Information Services empower hubs & aggregators to provide outsourced messaging services that are faster, higher quality, and more cost-effective. Underpinning our Number Information Services are three real time query services that rely upon Personal Data and are subject to GDPR:
We really hoped you enjoyed the webinar and if you would like to speak with Lee about our services or GDPR, please contact us at firstname.lastname@example.org
The content on this website is provided for general information purposes only and does not constitute legal or other professional advice of any kind.