The clock is ticking as we are only few weeks away from May 25, 2018 – when the General Data Protection Regulation (GDPR) is set to come into force.
The regulation will impact just about every business across the European Union. However, for telcos and mobile operators, by virtue of their large and sensitive customer databases as the backbone of their core operations, the implications will be even more significant.
As GDPR will place new demands on business support systems (BSS), organisations will have to gear all their systems and processes to ask for consent at each step and be capable of erasing a customer’s entire data footprint if requested. At R Systems, we’ve been following closely the recommendations regarding GDPR compliance and are already supporting our telco customers in preparing their solutions ahead of the deadline.
For tier-1 mobile operator in Eastern Europe, we are already implementing the needed changes in the system managing the operator’s prepaid subscribers. The prepaid billing system (PPB), which currently manages approximately 25 million active and inactive prepay users, needs to be enhanced to capture customer consent and also purge user data as per the GDPR requirements, either after 3 years of user inactivity or on demand.
These updates and new developments include:
- the creation of a new mechanism scheduled to run daily in order to delete or anonymize (where deletion is not possible) the following user data: personal data, history about reloads, services, SIM and provisioning
- the creation of a table where there will be inserted the subscribers who need to be deleted or anonymized on demand and processed daily by the mechanism, with a purging log including the time stamp of execution and the number of deleted subscribers
- the enhancement of the graphical user interface of the customer administration section of the PPB in order to show the customer permissions (received from an external system). In this tab customer administration user can update existing permissions such as marketing preferences (email, post, SMS/MMS/push USSD, outbound call), basic profiling and advanced profiling for marketing preferences.
These changes are due until the coming into force of the General Data Protection Regulation and are meant to ensure that our mobile operator customer is given the tools and support needed for compliance.
As the GDPR compliance journey will only begin shortly, we are also focused on providing our customers the needed flexibility in system design and strategy to successfully overcome whatever challenges may arise along the process.