GDPR: What American TEM’s Should Know About the New European Privacy Law

Posted by David Sonenstein on March 28, 2018


In the USA, there are a lot of things dominating the news cycles nowadays, but unfortunately for those in the enterprise technology management space, General Data Protection Regulation (GDPR) is not one of them. And while GDPR has been front-page news in the EU for months, becoming effective May 25 2018 across the entire EU, very few American companies and more specifically, American TEM companies, really understand what it is, if it applies to them, or the potential impact to their business and operations.

Key question

To determine if this legislation applies to them, American TEM’s should be asking one simple question.

Are you processing any personally identifiable data of EU data subjects?

Where “Personal Identifiable Data” is any information that can be traced back, directly or indirectly to a living citizen of a EU member state (“an EU data subject”).

Some examples of Personal Identifiable Data:

  • A person’s email address (doesn’t matter it if is a private or business address)
  • A person’s phone number (again, can be either corporate or private)
  • Call Data Records which be attributed to a person
  • A person’s IP address
“Processing” is basically any operation on this data, including just storing it.

If you answered yes to this question, GDPR DOES APPLY TO YOU and please download our whitepaper that completely explains GDPR in the American TEM context and provides detailed recommendations on how you can protect your company within the new legislation.


So What Does That Mean

Since most TEM companies at a minimum collect personally identifiable data (an invoice containing CDR’s), all parties bear responsibility to protect the personally identifiable information of an EU citizen in any geography, regardless of role – whether it be the TEM client selecting the right TEM provider, to the TEM provider ensuring they handle, store, and present that data in-line with the law.

TEM companies who have historically relied on self-certifying vehicles such as Safe Harbor or Privacy Shield should very seriously consider at a minimum would they be prepared for an audit, what would the cost of such an audit be, and what would be their liability should they be found non-compliant whether it be the cost to make themselves compliant (ISO certifications are not cheap) or in the most extreme case, potential fines that can be assessed.  

Download our whitepaper to find out how to be GDPR-Compliant in 7 steps.


 New Call-to-action


Topics: Partner, GDPR

Written by David Sonenstein

David joined Ezwim in 2012 and is responsible for all business operations for Ezwim in the Americas. He has over 15 years of experience in the telecom industry, over half of that in the TEM space specifically, with previous positions held at Sprint Nextel, Level 3 Communications, and Visage Mobile. He is an acting officer of Ezwim LLC, and is serving on the ETMA Executive Board as Secretary in addition to sitting on the Ethics committee.

Recent Posts

Subscribe Here to Receive Blog Updates and More: