4 Minute Read. Yes, it’s that time of year. We are all looking ahead to 2018 and how to succeed over the next 12 months. While every business has different objectives and plans for how to reach them, there is one thing that we will all encounter in some shape or form: the EU’s new GDPR framework that will come into effect May 25, 2018.
What is GDPR? A brief introduction
If you haven’t come across it yet, or have only paid it limited attention so far, GDPR stands for General Data Protection Regulations and will cover the entire EU region. The regulations will introduce tighter rules for how personal data is collected, stored, and processed by companies and other private organizations.
The aim is to strengthen the rights for individuals in understanding who has access to their private data and what this data is being be used for. The intention is that people should be able to quickly and easily access the data companies have stored about them and see how that data has been collected, and by whom.
How does this affect our video meetings and calls?
It might seem easy to think that since it’s European based laws coming into effect that it is mostly European-based service providers who will be impacted. But in today’s digital age, where anybody can connect to the cloud from virtually anywhere on the planet, data privacy and security is an issue that’s always accompanied with a global subtext.
One of the main benefits of video meetings and calling is being able to collaborate effectively with coworkers, customers, or other stakeholders in faraway locations. Even if you’re based in say North America, if you’re meeting some of the team from your European office on video, suddenly European GDPR regulations become very much a consideration you can’t ignore.
One thing that we do know about GDPR is that there are a lot of unknowns, with many of the finer details still to be finalized. In such a scenario as the one above, it may not necessarily be enough to argue that a call might have originated from outside the EU geographical jurisdiction. Even if you bought the service and manage it from another location, if you have users inside the service, they should be able to use a service that's compliant with GDPR.
OK, but what if we don’t really deal with people in the EU on video?
That might be, but that not to say GDPR won’t still be relevant for your company. For a start, the digital globalization of the workplace is only continuing, especially as more and more businesses move towards the cloud. The chances are, most businesses beyond the smallest local operations will encounter some interaction with users in places all over the world. Looking to the future, trying to stay within the lines for rules only in some regions and not others won’t be very effective or efficient for any ambitious company wanting to grow.
And another perhaps more compelling reason for every business using professional videoconferencing to sit up and take notice of GDPR, whether you’re based in Europe or not, is simply the benefits it will offer your company and its users.
Data protection and privacy are some of the most common items our customers talk to us about. We have customers in banking, healthcare and legal services, where security is a major consideration. The introduction of GDPR will ensure the EU is going to be covered by some of the strictest data privacy laws anywhere in the world. If your video provider is compliant with GDPR, it means they’re complying to the highest commercial standards. This is win for you, regardless of how much of your usage is actually covered by GDPR.
The practical applications of videoconferencing and GDPR
Every service provider will have to consider how they collect and store user’s personal data. But as a customer, there are few things you or your IT team can consider in relation to the company’s video users. Here are some of the most common items:
- Users’ personal login details
- Users’ locations
- Personal call history
- Where is user data location actually stored (where are the servers located?)
- If a call or meeting is recorded, how is the recording stored and who can access it
- Access to personal calendar (how meetings are scheduled on the service)
At a company level, if you have more than a handful of users, this might mean having a centralized video service that allows you to easily perform basic user management yourself:
- Central dashboard for user management to add/remove users and monitor usage
- SSO (single sign on) features make it much easier to securely administer many users at once, and safely remove them or reset passwords
- It should also make it easier to switch service providers, since GDPR will force companies to hand over all user data on request at the end of a service agreement
One last thing...
An important distinction to make is understanding the difference between how a video call is delivered versus how the users’ data is stored. At Videxio, we use a dedicated cloud network to deliver high quality calls. This network is made up of “PoPs” (points of presence) spread across the world. Each call is routed through the nearest PoP to give the best possible call quality for your location.
However, whilst our live calling data might be routed through a geographical location, that doesn’t mean personal data is then stored there. We store all personal data separately in servers in Europe, already governed by very strong data protection laws.
Of course, each customer’s requirements will vary slightly differently according to their infrastructure and security processes, but one of the best things about choosing a cloud service provider is that we take on the bulk of the responsibility to deliver a robust solution that remains up to date and compliant with the latest market conditions.