Best practice guidelines for Mobile Network Operators ahead of GDPR
The arrival of GDPR will mark a big change for data protection, and this is going to have a huge effect on Mobile Network Operators (MNOs). Early preparation is key in order to save time in the long run.
As Mobile Network Operators (MNOs) are responsible for customer data at all times, data protection plays an essential part in enterprise messaging procurement. Veoo recently got involved in the development of the Mobile Ecosystem Forum (MEF) guide on Enterprise Mobile Messaging, which outlines the importance of MNOs ensuring data protection is front and centre of any enterprise messaging procurement procedure. We therefore know the importance of adhering to procedure and have put together the following best practice guidelines.
The arrival of the General Data Protection Regulation (GDPR) next year will mark the biggest change to data privacy law in the last twenty years. The regulation not only applies to organisations located within the EU but will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. The drivers behind the GDPR are twofold. Firstly, the EU wants to give people more control over how their personal data is used, bearing in mind that many companies like Facebook and Google swap access to people's data for use of their services. The current legislation was adopted before the internet and cloud technology created new ways of exploiting data, and GDPR seeks to address that. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy. Secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).
Under the procurement guideline, MNOs are responsible for their customers’ data at all times, from the moment customers give their consent for it to be collected, stored and used, until they are no longer a customer and even beyond. When the operator has signed an agreement with a messaging provider, there should be an agreement on how sensitive data will be handled, but ultimately the operator retains responsibility at all times.
In situations where the customer data you have is current but a significant percentage of messages are not being successfully delivered, this can indicate the use of a poor-quality connection which should be reviewed by the messaging provider. MNOs will need to assess the rates of undelivered messages which travel through their networks and may impose penalties if message failure rates exceed a certain percentage.
Ahead of GDPR coming into effect, regular monitoring and maintenance of distribution lists should help MNOs ensure best practice by making sure records are up to date prior to the deployment of a messaging solution or individual campaign. Regularly reviewing the reasons that messages have not been delivered against the delivery reports and making certain that your distribution lists are regularly cleaned help to ensure good housekeeping, saving time in the long run and further protecting your data from spam. If you have not had any active communication with a customer for a period of time, commonly six months, you should remove their number from your distribution lists. Customers may have changed mobile number since you last communicated with them by SMS – MNOs generally quarantine numbers for six months and then release them to new subscribers.
Further best practice solutions for customer data protection ahead of GDPR include ensuring that you have your customers’ consent to send them specific categories of message or types of content. It is also important to make sure you do not share your customers’ data with any third party unless they have given you their explicit consent to do so, confirming under what circumstances it may be shared and subsequently used.
Effectively managing your relationship with your customers is key to securing their trust and ongoing engagement, and this includes how and when you send them messages. Consideration should be given to the frequency and timing of the messages you send, both in terms of national or regional restrictions and what would be considered acceptable by any reasonable customer. Overzealous marketing, however well intended, may not be well received by your customer, nor would a message received at midnight – something that would actually be prohibited in some countries. These types of issues create negativity and lead customers to question the use of their personal data.
As we draw nearer to the enforcement date of 25th May 2018 for the General Data Protection Regulation (GDPR), it is imperative that MNOs apply best practice to all procurement procedures. Ultimately, the MNOs are responsible for ensuring that their channels are not being used in a way which may cause harm to their subscribers, namely your customers.