As of 25 May 2018, all organisations working with the personal data of EU citizens will have to comply with the General Data Protection Regulation (GDPR). Therefore, we are pleased to announce that Wavecell will be fully compliant with the GDPR.
Wavecell’s GDPR commitment
As a cloud communications provider, Wavecell manages the personal data on behalf of our customers. These data include mobile phone numbers, text message bodies that may contain sensitive information, user IDs and IP addresses to ensure the successful delivery of communications. We also manage commercial data concerning our customers and personal data of our employees.
As we continue to grow and scale up our platform, our commitment to data privacy and security still stands as our key priority. Wavecell sees the GDPR as an opportunity to carry out an extensive review of our internal workflows, data processes and security terms to ensure all personal data are indeed secured and compliant.
What Wavecell is doing for GDPR
Wavecell strives to make this compliance easier for our vendors and suppliers whilst ensuring all EU and international personal data are kept secured. Here’s how Wavecell is GDPR-compliant and how we are working towards being GDPR-ready for our future product changes:
Data Protection Team established
- A Data Protection Team consisting of our Legal, Product, and IT departments is in place to ensure that we are always compliant with the GDPR
- Team members of Wavecell are well-trained and compliant with our internal personal data protection policy (defined by the Data Protection Team)
- Wavecell contract templates and website terms have been revised and made GDPR-compliant
- Should customers require a Data Protection Agreement established, Wavecell will comply accordingly
- All Wavecell suppliers are required to sign our Data Protection Agreement to ensure compliance with the GDPR
Adapt our products
- We are mapping all microservices, databases accessing and storing personal data, ensuring that their accesses are secured and logged, and that retention period is limited to the strict minimum necessary, and never longer than 6 months
- By default, the last 4 digits of phone numbers and all SMS message bodies that resides in our database will be redacted after 6 months from their created date
- Upon any customer’s request, we can immediately redact phone numbers and remove message bodies from our long-term storage databases. However, if this is done so, it will be harder to debug or solve billing disputes
- We will comply promptly with any request of deletion, modification, or extraction of personal data
- We are logging all actions in our Customer Portal allowing to access personal data to be able to track breaches
- We are encrypting all personal data in our platform for additional security so that it is unreadable even if accesses are breached
- We have implemented the “Data Protection by Design” principle for all new products and features that we develop
Stricter access control
We will also implement stricter access control, where only authorised employees and systems can access personal data.
If you do not find the information you need, you may speak to your Wavecell’s account manager, or reach out to us at firstname.lastname@example.org.