GDPR Why it Matters

Swift SMS Gateway is at work to make sure we are compliant to data protection principals of GDPR (General Data Protection Regulation). Even if you think your business is not concerned about GDPR – It’s about Europe – You are still impacted by these new European data regulations. Its goal is to make it easy for consumers to give and withdraw consent for the use of their data. Consumer privacy and security is key. Consider it as part of our mutual security obligations.

All businesses large and small collecting consumer data are subject to GDPR compliance, but if you are a small business, any security breach surrounding data can be especially devastating. As we have highlighted in previous blog articles, remember 60% of small businesses cannot sustain themselves after a data breach. Consider now; starting on May 25th, 2018, non-compliance and/or a breach of consumer data as defined in GDPR is subject to fine from the EU. So data security and privacy protection measures for consumers are now even more relevant.

GDPR fines are to be based at two levels:

  1. Up to €10 million, or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. 
  2. Up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. 

For more information on GDPR fines go here. The EU is expecting cooperation from neighbouring countries in the enforcement of this. Being in North America will not make you free of these obligations.

Swift SMS Gateway services provide connectivity to global mobile operators with the majority of our business focused on North America. We take GDPR and all security matters concerning our client’s text messaging data, and end-user privacy seriously. We strive to make your text messaging service better wherever possible.

How Does GDPR Impact Text Message Services?

The impact of GDPR is global across many businesses large and small. Its scope is wide too, because interpretation of its definition of “Data Processing” and “Transactional Data” are broad. All communication services and business using public Internet in any aspect of their communications chain are potentially impacted. While the layman interpretation of Transactional Data is easily misunderstood as concerning a financial transaction, in the communications industry, understand that simple messaging can be considered as within the scope of Transactional Data.

What Privacy Assurances Does Swift SMS Give Concerning GDPR?

Rest assured Swift SMS Gateway limits Data Processing to facilitate data transit of your text messages and nothing more. As has always been our pledge to our clients:

Your SMS data is your own. Swift SMS does not share it, use it, or re-market it.

How we hold true to this pledge has always been to abide to the principal of Data Minimization, which is a key aspect of GDPR. All data service providers are subject to scrutiny around the area of data retention, because archive and storage is a bi-product of a transit service, whether it is paid for or not. Ultimately businesses must realize the ultimate right of data belongs to consumers. Swift SMS Gateway believes the spirit of our original pledge still holds true today.

Fundamentally, Swift SMS Gateway is paid to deliver text messaging and we deem message content, to have zero value to us as your text message service – We don’t analyze message content, but we do take your security seriously. We manage security around data retention on the “need to know” principals of data minimization, and the key requirements of fair and reasonable use.

Concerning GDPR guidelines, text messaging records are processed using two critical elements:

  1. Call Detail Records – The info around phone numbers and delivery receipt.
  2. Message Detail Records – The info in the text message being the content.

Fair and reasonable use of these two critical elements means we use the Call Detail Records (CDR) for accounting purposes to determine message use, while we place zero value on the Message Detail Record (MDR).

However, both the CDR and MDR are important to you, our customer. Ultimately, we both share in consumer privacy obligations.

As a whole, text messaging records are processed in our live record set. We call this the Gateway and then move these text messages off-line to archive in six weeks. Typical clients demand full access the text messaging record during the first six weeks. 99% of our clients never query data beyond the first 90 days.

Upcoming Changes for GDPR Compliance

Starting May 25th, 2018, Swift SMS Gateway will be scrubbing message content (the MDR) on all clients beyond the first 90 days. This process is called “redaction”, which means the censoring, or obscuring of part of text for legal or security purposes. Historically, we’ve only done redaction based on client request for non-typical clients. The scrub methodology we use is to redact message content with a standard message acknowledging the text string replacement of message content in an overwrite. This methodology is superior to deletion flagging. On the same date Swift SMS Gateway will be scrubbing the last four digits on text message phone numbers (the CDR) using the same scrub methodology.

If you have further questions and concerns about GDPR and how any changes regarding it may impact your business’s text messaging, please contact your sales representative here and we will be pleased to assist you and your text message requirements. Beyond GDPR, Swift SMS Gateway is committed to assuring you of the best text message service at all times.