Business Communications and the GDPR

What is the GDPR?

The General Data Protection Regulation is a single EU-wide regulation that will replace 28 different pieces of legislation. The goal is to simplify data protection laws and enhance the privacy of individuals. The Regulation will come into force in May 2018 and will toughen up on the way organisations control data. The main difference from the current Data Protection Act will be accountability. The onus will be on the business to prove compliance and to ensure that the data is processed in a manner that ensures the appropriate security of personal data. Significantly, it introduces personal liabilities for company directors.

Why should you care about your phone calls?

Under the Regulation there is a mandate that all IT systems and activities have robust policies and procedures in place. Most businesses will already have general network security in the form of firewalls and email encryption, but typically will have neglected the voice element of data protection. This is because when the GDPR is discussed, voice communications are not usually the focus.

VoIP telephony systems are the easiest way for hackers to access personal information unless call encryption has been deployed. It is easy to forget that modern telephony solutions are not secure in the same way as traditional ISDN. This is because the calls made on Internet-based phone systems are commonly made over the public Internet and are inherently vulnerable to interception.

The GDPR is concerned with identifying personal data and protecting that data. Data can be stored, processed or transmitted. Voice is one form of data; transmitting data over an open or public network does not protect it; encrypting it does.

The Regulation states that businesses need to implement the appropriate technical measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services including the encryption of personal data.

Every business, regardless of size or sector, will use the phone to process sensitive data at some point; for example, HR data such as payroll information, customer or staff addresses, job titles, passport or driving licence numbers. With cyber-attacks and phone hacking on the rise, it isn’t just a simple employee error that could cause a data breach.

What steps can you take?

Understandably, companies are starting to panic. With penalties of 20 million euros or 4% of global turnover for non-compliance with the GDPR, it is easy to see why. The most important thing to remember is that companies need to demonstrate that they have taken all reasonable steps to protect sensitive data. The first step is to think about what data is held and how it can be accessed ahead of taking appropriate steps to secure it. Protecting personal data in the form of robust IT and business communications procedures forms the cornerstone of complying with the Regulation. Call encryption is a key technology tool to help the ICT teams ensure technical compliance.

Talk to Oxon.Tech today to learn about encrypted business phone systems.


Firstcom Europe