GDPR comes into effect on May 25, and we at Plivo are working to ensure that our systems are compliant with the data protection principles highlighted in the regulations.
One of the most critical aspects of GDPR is data minimization. We’ve completed changes to our data retention policies for call detail records (CDR) and message detail records (MDR) to meet GDPR compliance requirements. Starting May 5, CDRs and MDRs will be retained in our transactional databases for a period of 90 days only from the date they were created.
Present behavior
At present, all CDRs and MDRs are stored in our transactional databases. This means customers can fetch CDRs and MDRs via our APIs or the Plivo console for any date range of their choice, going as far back in time as they wish.
Customers use CDRs and MDRs to analyze usage and quality parameters and as input to their accounting and billing systems. As part of our analysis, we looked at how customers query for CDRs and MDRs and their typical look-back period. More than 98% of customers never query the data beyond first 90 days.
Upcoming changes
Starting May 5, CDRs and MDRs that are older than 90 days will be purged from our transactional databases, and will not be accessible via our API or the Plivo console. Redacted MDRs and CDRs, however, will be persisted in Plivo data warehouses for up to seven years. The redacted records have the last three digits of the From and To numbers masked.
For example, a CDR in our data warehouse looks like this:
Voice Call Detail Record (CDR)
SMS Message Detail Record (MDR)
Our commitment to GDPR
As your communications partner, we understand that our compliance with GDPR is critical for your business. We’re making the effort to ensure your customer data stays safe, while also being mindful about keeping things simple for developers.