As a client, you have a right to ask any vendor that processes your data this question: “How will you comply with GDPR rules?” The vendor must then answer in a straightforward way.
Ezwim's GDPR solution
Below is Ezwim's answer to the GDPR question. These are the additional measures we will implement in our system to ensure GDPR compliance. They achieve compliance with minimal impact on the value of the data stored in the system.
Masking CDRs after three months
It will be possible to mask Call Detail Records (CDRs) when there is no longer a business reason to retain them. After masking, it will no longer be possible to link these CDRs to persons, so the CDRs are no longer personally identifiable information. The advantage of masking over deleting CDRs (which is already available in our system) is that certain reporting on them is still possible. The recommended value for the “Masking term” is 3 months, which means that CDRs would be masked 3 months after they are loaded into the system. Note that our system has the flexibility to set the “Masking term” per account, so if there are valid reasons to set it to a higher value (e.g. an invoice dispute has been raised), this is possible.
Implement “right to be forgotten” for leaving employees
There will be an easy way to delete all personally identifiable data that is linked to employees leaving the company. Both historic and current user data will be removed, but the usage data and costs will remain so that full invoice cost insight is preserved.
Reduced retention period for generated ad-hoc reports
When an ad-hoc report or large download is generated in the Ezwim system, the report is retained for some time so it can be downloaded later. This retention period will be reduced for GDPR compliance reasons.
Reduced retention period for operator electronic invoices
When an operator electronic invoice is loaded into our system, the original file is retained for reference and troubleshooting. This retention period will be reduced.
Reduced retention period for data sub-sets
For some purposes, such as invoice validation, copies of data sets are stored separately in the Ezwim system. Those data sets will also be subject to shorter retention terms.
Retention period for tickets and orders
Tickets and orders will be removed after a certain number of days. The number of days will be determined per ticket or order type.
Anonymize logbooks
Wherever the “right to be forgotten” needs to be enforced, the applicable logbook will be anonymized as well.
When will we be ready?
All personal data is already well protected at Ezwim through a set of existing security and organisational measures we have in place, certified by an ISO27001 certificate. So nothing new for Ezwim.
All changes will be implemented in the November and January releases in order to be ready well in time for the GDPR deadline.
If you have any questions or concerns about GDPR in general or want to know more about Ezwim's solution, please don’t hesitate to contact us!