Informizely customer feedback surveys
By using the Aculab site, you agree with our use of cookies.

Aculab Cloud and the EU GDPR

The EU General Data Protection Regulation (GDPR) is important to Aculab and its customers in the EU region, and also for our non-EU customers who use Aculab Cloud for their customers who reside in the EU. This is a summary of what we have done to ensure the privacy and security of customer data on Aculab Cloud.

The GDPR is a European law that came into effect on May 25th, 2018 and is designed to ensure protection of the privacy rights of citizens in the EU region. It applies to any organisation doing business in the EU that processes the personally identifiable data of natural persons. It took over from the current EU data protection directive (DPD), which had been in force since 1995.

In running the Aculab Cloud service, Aculab process your customers’ data, and as such is acting as a data processor. The steps we have taken to make sure the Aculab Cloud service meets the GDPR and protects your data are outlined below.

Protecting your data on Aculab Cloud

As a data processor, we are obliged to support our customers (acting as a data controller) and enable you to meet your obligations under the GDPR for personal data privacy.

For Aculab Cloud, that personal data may include call or message records (CDR), application data records (ADR), and call recordings.

In terms of the data processing we carry out, compliance can be broken down into these areas:

  1. Access control
  2. Data retention and deletion
  3. Data security
  4. Auditing processes

1. Access control

Only limited key personnel have access to customer content on Aculab Cloud, and we ensure that these authorised persons are competent in and conversant with the processing of customer content required for the operation of the services. Furthermore, Aculab has data processing agreements (DPAs) in place with the third-party suppliers used to provide the services to ensure that your customer data is protected.

2. Data retention and deletion

We have set policies for storage times for different categories of customer data, and when they can be deleted. For an active account, call and message logs, speech recordings and database backups are stored for periods between 28 and 180 days. If your account is closed then we will delete the account data systematically – some of the data is deleted immediately while some is deleted as and when backup cycles end – in a matter of weeks. The only data kept for a longer period of time will be billing records which will need to be kept to meet our statutory, financial, regulatory and tax reporting commitments.

3. Data security

Aculab has designed the Aculab Cloud service with security considerations uppermost in our minds. We provide security in terms of the physical infrastructure, the cloud services that run on the infrastructure, and security for your data.

Aculab Cloud runs on Amazon's AWS infrastructure. AWS Virtual Machines are designed to be secure by default, and Aculab Cloud only opens ports and exposes services related to necessary functionality. The services you run can either use our web services APIs all accessed by HTTPS, or our UAS APIs. The UAS approach typically runs the service on the customer site and uses SSL communications to communicate with the cloud. We also undertake penetration testing using a third-party to test for system weaknesses.

Customer data is stored securely on Amazon S3, each customer having access only to their own media files and call recordings. Customers can also encrypt their media files before upload, and choose to have their media recordings on the cloud encrypted before storage. Encryption is provided free of charge to all customers.

If you pay for Aculab Cloud using a credit card, then we protect your payment data by using a third-party payment processor – Aculab neither sees nor stores credit or debit card information.

4. Auditing processes

If we are asked what we are storing and why, through the processes identified above we are able to provide the answers, and are able to show you the data we are handling on behalf of you and your customers.

Full details of the data retention policies and timescales and data security compliance can be found in our privacy policy.

Data processing agreements

To ensure your compliance with the GDPR, we are happy to enter into a DPA with you using either your own template or Aculab's template.

Please contact our This email address is being protected from spambots. You need JavaScript enabled to view it. regarding DPAs or for any other GDPR-related issue.




The Aculab blog

News, views and industry insights from Aculab

  • The seven realms of Broadcast Messaging

    Broadcast messaging that uses a cloud-based service is a natural choice. Using a cloud as-a-service approach gives a variety of message delivery options, and cuts down costs by automatically scaling to meet demand. Find out what makes Aculab Cloud such a natural choice for voice and SMS broadcast messaging, and how other customers are already reaping the benefits from using Aculab's CPaaS platform.

    Read more

  • The technology working behind the scenes to support emergency services networks

    Now more than ever, telecoms infrastructures play a vital role in supporting the health of our communities. Behind the scenes, networking technologies are working to keep the lines of communications open between emergency services and those in need.

    A recent example from the Lombardy region of Italy highlights a typical scenario:

    Read more

  • What’s wrong with Knowledge-Based Authentication (KBA)?

    For many years, online and telephone-based authentication has relied on knowledge-based systems using passwords, PINs, and question-and-answer dialogues to confirm a customer’s identity. With the explosion in the number of contact centres, this approach is close to breaking point. Nobody in the modern world can be expected to remember all of the passwords they need to securely access all their services.

    Read more

  • It’s voice biometrics, not rocket science

    The concept of biometric speaker identification or verification may, at one stage, have seemed like a technical nightmare. The reality is somewhat different. All the sophisticated algorithms and voice processing have already been developed; deploying the application is actually the simple part.

    Read more

  • Multi-lingual speech recognition now supported on Aculab Cloud

    We’re listening – what would you like to do today?

    A generation of people have grown up trying to avoid ringing a contact centre – not because they didn’t like talking to the cheery people who work in such places, but because they first had to get past the IVR system put in place to direct the call. Press 1 for support, 2 for sales, 3 if you know the extension of the person you wish to speak to.…and so on, and so on. We quickly realised that many of these systems would let you bypass the IVR menu and get to a real person if we pressed ‘0’.

    Read more