[ 01.02.2018 ]
With less than four months (May, 2018) before the General Data Protection Regulation (GDPR) is imposed, time is running out for Communications Service Providers (CSPs) to ensure all their mechanisms are in place to be compliant. While previous regulations were more focused on protecting personal data and how information is stored, this new regulation takes it a step further and focuses on how personal data is actually processed. With today’s complex IT environments and cloud deployments, this is no simple task. Getting everything in place for the May deadline has become a real challenge for many CSPs, especially when it comes to ensuring their revenue assurance and fraud management solutions are compliant.
Becoming GDPR compliant using APIs
Application and data security is just the tip of the iceberg regarding the requirements imposed by GDPR. The ability to deliver applications that adhere to their ‘secure by design’ and ‘privacy by design’ philosophies will also pose a challenge for DevOps teams.
By their very nature, Revenue Assurance and Fraud Management solutions need to be able to access customer data in order to monitor a CSP’s products, services and processes. These solutions rely upon different access points to gather information from various departments, including billing, customer care, and many other business support systems (BSS) that store confidential customer data. From a technical perspective, one of the key mechanisms that will help CSPs comply with GDPR standards when deploying a risk management strategy is the use of application programming interfaces, or APIs. To be GDPR compliant, these teams will need to enhance the control layer at each of these touch points, and develop the tools to report on what has been collected.
The API is the tool for the job, as it functions as the gatekeeper for the digital revolution. If your Revenue Assurance and Fraud Management teams use a simplified approach to deploy APIs, without the need to configure code for specific interfaces, you can still enhance the security layer between your organization’s governance and compliance, and its OSS/BSS environment. This will ensure you have the controls in place to manage what data is allowed to be accessed, and in what form.
Together with best practices like Segregation of Duties (SoD), APIs can work to prevent a single person from accumulating too much power when it comes to accessing confidential data. For example, you want to prevent a scenario where a user can create a request to access data and also has the authority to approve that request. With an effective SoD strategy in place, this will be less likely to happen, particularly when you integrate data directly from your database. This will allow the CSP to control what information is being accessed and made visible to each of the RA/FM stakeholders, as well as provide regulators with better insights into company data flows. In a nutshell: the more control and the better the data strategy, the more GDPR compliant CSPs will be.
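The two controls described above, a Segregation of Duties check (the requester of a data-access request can never be its approver) and a gatekeeper that releases only the approved fields while recording what was collected for later reporting, as an added example; this is illustrative code written for this article, not code from any RA/FM product, and the users, roles and customer record are constructed:

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple, List, Dict

# Constructed user/role table for illustration.
ROLES = {"alice": {"analyst"}, "bob": {"analyst", "approver"}, "carol": {"approver"}}

class SoDViolation(Exception):
    """Raised when one person would hold both the requester and approver roles."""

@dataclass
class AccessRequest:
    request_id: str
    requester: str
    fields: Tuple[str, ...]          # personal-data attributes the RA/FM job needs
    purpose: str                     # purpose of processing, kept for reporting
    approver: Optional[str] = None
    approved_at: Optional[datetime] = None

# Audit trail of every release of personal data: who, what, why, approved by whom.
audit_log: List[Dict] = []

def approve(req: AccessRequest, approver: str) -> AccessRequest:
    """Segregation of Duties: the approver must be a different person with the approver role."""
    if approver == req.requester:
        raise SoDViolation(f"{approver} cannot approve their own request {req.request_id}")
    if "approver" not in ROLES.get(approver, set()):
        raise PermissionError(f"{approver} lacks the approver role")
    req.approver = approver
    req.approved_at = datetime.now(timezone.utc)
    return req

def fetch_customer_data(req: AccessRequest, record: Dict[str, str]) -> Dict[str, str]:
    """Gatekeeper: refuse unapproved requests, release only the approved fields, log the access."""
    if req.approver is None:
        raise PermissionError(f"request {req.request_id} has not been approved")
    released = {k: v for k, v in record.items() if k in req.fields}
    audit_log.append({"request": req.request_id, "by": req.requester,
                      "fields": sorted(released), "purpose": req.purpose,
                      "approved_by": req.approver})
    return released

# Constructed customer record (not real data).
CUSTOMER = {"msisdn": "+00-000-0000", "name": "Test Subscriber", "address": "1 Example St"}
```

A regulator-facing report on data flows can then be built directly from `audit_log`, since every release records the fields, the purpose and the approving second person.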
While APIs are not the silver bullet to ensuring GDPR compliance, API implementation will play a very important role when organizations want to review and redesign business operations related to personal data processing.
For example, the network infrastructure used for processing and storing customer data, along with staff members who have access to personal data, are other areas CSPs will need to evaluate as part of their bigger IT design strategy.
TM Forum members are working together on API standards to drive interoperability across digital ecosystems.
In one of its collaborative initiatives TM Forum is bringing different stakeholders from across industries to work together and build key partnerships to create the APIs and connections. The reference architecture and APIs that the program participants are co-creating are critical for building innovative new digital services in a number of key areas, including IoT applications, smart cities, mobile banking and more.
To date, 35 of the world’s leading service providers and technology ecosystem participants have signed the Open API Manifesto publicly demonstrating their endorsement of TM Forum’s suite of Open APIs.
Whether your organization is looking to comply with the EU General Data Protection Regulation's documentation requirements or simply wants to deliver services faster and reduce OpEx, you may be interested in looking at TM Forum’s Open API program and seeing how it evolves in relation to Revenue Assurance and Fraud Management.
While organizations might think they know where their data is stored and controlled, the reality is that data is typically spread across the entire organization and is widely used, transformed and accessed in different ways by different people and applications. This is one of the unavoidable outcomes of doing business in today’s digital age, where data is transformed, added, enriched and processed for different purposes. As the GDPR deadline looms, organizations need to make sure that they can meet all the new regulatory requirements, but also take advantage of the wider benefits this new ruling can bring. For many, the GDPR may shine a light on the need to upgrade existing tools. By leveraging the benefits of modern Revenue Assurance and Fraud Management solutions, CSPs can expand their data processing capabilities to correlate seemingly unrelated pieces of data. This ability is extremely important in order to adopt a defense-in-depth strategy for both protecting and controlling personal data, in addition to providing a more comprehensive and effective risk management strategy.
Let me know your thoughts and please feel free to Contact Us should you have any questions.