Every day we make sure hundreds of thousands of phone calls are delivered to the customer service departments of our clients. This means telephone numbers from their customers go through our systems and sometimes we may receive more information. Even though it is only a phone number, this is still considered personal data. We understand these are valuable to our clients and we treat them with the utmost care. Here is what we do to protect their data.
Long before GDPR was announced we already started working on information security. Since 2014 we have been ISO 27001 certified. Although requirements are different, this ISO certification is an excellent basis for GDPR. It ensures secure use of client data by regulating the transmission, storage and access of this data in a safe environment.
You can rest assured we have secured our data according to the industry’s best practice.
Just your phone number will do
An important focus of GDPR is data minimization. We only want to receive the data necessary to provide our solutions. In most cases only the customer’s telephone number (mobile or landline) will enter our system. From there, we process the incoming calls according to what has been agreed upon with our clients. In many cases, we deliver the calls directly to one of their customer service representatives.
Telephone numbers are stored in our production system for 6 months for after-care and in case issues pop up. We have automated our systems to be cleaned regularly to minimize retention. After 6 months the phone numbers are truncated and become anonymous. In all other systems (invoicing and data warehousing) the telephone numbers are already anonymized or pseudonymized before they are collected. Our clients will still be able to see call analytics, as for instance number of calls from mobile or landline phones, unique and repetitive callers. All this information can be generated without using the actual telephone numbers.
You can build a fortress around data, but the best protection is awareness. Our employees are well aware of the value of our clients’ data. They only have access to data on need-to-know and need-to-do principles. Periodically, risk analysis measures are examined during internal and external audits to assess functioning and compliance.
In our updated privacy statement you can read more. If you have any questions concerning privacy or how we process data, feel free to contact us.