By using the Aculab site, you agree with our use of cookies.

Preparing to meet the EU GDPR rules with Aculab Cloud

Firstly, lets establish what the GDPR is, and why it’s important to Aculab and its customers in the EU region, and also for our non-EU customers who use Aculab Cloud for their customers who reside in the EU.

The general data protection regulation (GDPR) is a European law coming into effect on May 25th, 2018 and designed to ensure protection of the privacy rights of citizens in the EU region. It applies to any organisation doing business in the EU who processes the personally identifiable data of natural persons. It takes over from the current EU data protection directive (DPD), directive 95/46/EC, which has been in force since 1995.

The GDPR affects companies in different ways. At Aculab, we are affected in two ways, as both a data processor and as a data controller. The GDPR defines these two types of data handler, the data processor and the data controller, as follows:

Data processor The data processor is responsible for processing personal data on behalf of a data controller
Data controller The natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data

Aculab is both a data processor and controller. In our general marketing activities, whereby we handle individual details such as name, email address and phone numbers of customers and prospects who visit our website or whom we meet at events, then we are a controller of that data and as such must have measures in place to protect it. Our privacy policy gives further details in that respect.

With our recent website refresh, we have already built in the appropriate consent measures as you will see if you use any of the webforms on the site.

In running our Aculab Cloud service, Aculab is affected in a different way – we process your customers’ data and as such are acting as a data processor. The focus of this post is on what Aculab is doing in regard to our Aculab Cloud service to make sure we meet the GDPR and protect your data.

What we are working on to protect your data on Aculab Cloud

The rules relating to personal data that the GDPR covers are as follows:

The right to be informed Organisations must clearly state how they plan to use personal data
The right of access Access for an individual to the data that is being stored about themselves
The right to rectification Rectification of personal data if it is inaccurate or incomplete
The right to erasure Also known as the right to be forgotten. Processes to cover the removal of personal data from systems
The right to restrict processing Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, you are permitted to store the personal data, but not further process it
The right to data portability Allows individuals to obtain and reuse their personal data for their own purposes across different services 
The right to object Enabling citizens to object to having their data processed
Rights in relation to automated decision making and profiling Rights of an individual to request information on and challenge decisions based on automated decision making with regard to their personal data


As a data processor, we are obliged to support our customers (acting as a data controller) and enable you to meet your obligations under the GDPR for personal data privacy.

We have conducted internal data audits and are working on our internal processes to ensure that we meet all the rules that the GDPR brings into effect about processing, protection and storage of personal data of EU citizens.

For Aculab Cloud, that personal data may include call or message records, and call recordings.

In terms of the process areas we are looking at, compliance can be broken down into these areas:

Access control Making sure we restrict who has access to your data
Data retention and deletion How long CDRs are stored, and when they can be deleted
Data security How to protect the data using encryption techniques
Auditing processes If we are asked what we are storing and why, we need to have an audit trail for that data


In some areas, we already have technology in place. For example, we already offer encryption of call recordings (free of charge). In other areas, we will be tightening up the processes we already have in place to make sure we fully meet the GDPR regulations.

We will keep you informed with further posts as these processes come into being.



The Aculab blog

News, views and industry insights from Aculab

  • Voice Biometrics: Why Businesses and Users are driving its adoption

    In this blog post, we’ll look at the rapidly growing market of Voice Biometrics, and what drives its increasing rate of adoption, as more businesses and services are made aware of the need for multi-factor authentication.

    Read more

  • An underused tool in the fight against the second wave of Coronavirus

    In this article, we'll go into a bit more depth as to why exactly Broadcast Messaging is such a powerful tool. We have compiled a list of six unique characteristics to highlight exactly how it can be used productively, to shore up the lines of communication in the ongoing situation with Coronavirus.

    Read more

  • The seven realms of Broadcast Messaging

    Broadcast messaging that uses a cloud-based service is a natural choice. Using a cloud as-a-service approach gives a variety of message delivery options, and cuts down costs by automatically scaling to meet demand. Find out what makes Aculab Cloud such a natural choice for voice and SMS broadcast messaging, and how other customers are already reaping the benefits from using Aculab's CPaaS platform.

    Read more

  • The technology working behind the scenes to support emergency services networks

    Now more than ever, telecoms infrastructures play a vital role in supporting the health of our communities. Behind the scenes, networking technologies are working to keep the lines of communications open between emergency services and those in need.

    A recent example from the Lombardy region of Italy highlights a typical scenario:

    Read more

  • What’s wrong with Knowledge-Based Authentication (KBA)?

    For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

    Read more