For this article, we spoke to our Account Executive Sven Giesbert about our joint project with Rheinische Post. The focus was on the implementation of a solution for number validation in telemarketing, which was made necessary by new EU regulations. COCUS ensured a secure, automated and efficient validation of telephone and mobile numbers that is scalable and data-protection-compliant.
Sven, what challenges did COCUS face when implementing data-protection-compliant number validation?
“Fortunately, we faced few significant challenges in this project, as cloud consulting, implementation and subsequent operation are among our core competences. Nevertheless, it became clear during the analysis phase that not all of the required cloud services are equally available from providers worldwide. This required a differentiated approach depending on the region.
A concrete example: At the time of our audit, Google Cloud did not offer German text messaging, which was important for the project. AWS, on the other hand, was already better positioned in this respect. Such regional differences must always be taken into account in international projects and require a flexible approach.”
How was the collaboration with the Rheinische Post team?
“The collaboration with Rheinische Post was characterised by an atmosphere of trust and mutual appreciation. The flexibility that we as the COCUS team brought to the project in order to respond to the customer’s individual needs deserves special mention. An essential success factor was the deep understanding of the specific requirements and the motivation behind Rheinische Post’s wishes.
Our first step was to provide sound advice on the selection of a suitable cloud provider. We submitted two architecture proposals: one based on Google Cloud, which the customer was already familiar with, and an alternative proposal using Amazon Web Services. The customer’s openness to new ideas and clear commitment to the ‘keep it simple’ principle were particularly pleasing. This collaboration ultimately resulted in a serverless solution, which was successfully implemented following joint coordination.”
In your opinion, what were the greatest successes of the project?
“The success of the project can be viewed from various perspectives. One key aspect was the mutual trust that was quickly established, which led to uncomplicated and rapid coordination. This enabled us to implement an efficient and cost-effective solution for telephone number validation in a short space of time. The use of Lambda services, which enabled us to dispense with conventional, dedicated server capacities, should be emphasised in particular.
The decision in favour of Lambda services – and therefore a serverless architecture – offers numerous advantages over dedicated servers. One decisive advantage is cost efficiency: with traditional servers, capacities have to be booked and paid for in advance, regardless of whether they are fully utilised. This often leads to overprovisioning of resources. Lambda services, on the other hand, are only billed when they are actually used, which leads to a considerable reduction in hosting costs, especially with fluctuating or irregular loads.
Lambda also offers high scalability and flexibility. As no fixed server structures are required, the computing power automatically adapts to the current demand. This guarantees that the environment remains stable and performant even during sudden load peaks, without having to worry about managing additional server capacity. Especially in a project like this, in which over 220,000 telephone numbers of subscribers and interested parties were successfully validated within a year, this elasticity is a great advantage.
Another advantage of the serverless architecture is the increased reliability. As no dedicated servers need to be managed, many potential sources of error that can occur during the maintenance or operation of physical servers are eliminated. This contributes significantly to the stability and accuracy of the environment, as we were able to experience in this project.
To summarise, by using Lambda services, we were not only able to significantly reduce hosting costs, but also create a scalable and robust solution that meets the client’s requirements in every respect. This shows how efficient and sustainable the solution is and why it has made a significant contribution to the success of the project.”
Are there any trends that you see in the area of GDPR compliance and validation? What are the special features of the media industry?
“The validation of telephone numbers is an essential building block for increasing data security, especially in an increasingly networked and digitalised world. In times when cyberattacks and data breaches are on the rise worldwide, ensuring the authenticity and accuracy of contact data plays a key role. Especially for companies in the media industry that manage a large amount of user data, it is of the utmost importance that the stored telephone numbers are correct and valid in order to prevent misuse, identity theft and data leaks.
In addition to the technical challenges, it is also important to fulfil the increasingly complex regulatory requirements. The EU’s General Data Protection Regulation (GDPR) sets out clear guidelines for the processing of personal data. Companies must ensure that only the minimum necessary data is collected and that this data is only stored for as long as is necessary to fulfil the respective purpose. In the context of telephone number validation, it is therefore crucial not only to record the data correctly, but also to establish processes for the timely deletion and protection of this data.
IT security and data protection have therefore been central components of our work for years. Our experience, which is rooted in over 20 years of working in the telecommunications industry, has taught us the importance of secure and scalable applications that fulfil both regulatory requirements and the high demands of our customers. A particular focus here is on adherence to the ‘security by design’ principles. This means that security aspects are integrated into the planning and development of a solution from the outset instead of being added later.
In the media industry, we use this expertise to develop individual and customised solutions that reconcile both the security of user data and regulatory requirements. The validation of telephone numbers is an integral part of this, as it enables the communication flow to be secure and reliable, which not only increases data security but also strengthens the trust of end users. In view of advancing digitalisation, this will continue to be an indispensable basis for business success in the future.”
What advice can you give companies to implement data-protection-compliant validation projects?
“There is no way around the issue of data protection when planning a project like this. Especially in times of strict legal requirements and growing sensitivity for the protection of personal data, it is essential to carefully consider data protection aspects right from the start. One of the key principles here is data minimisation, which is also clearly enshrined in the European Union’s General Data Protection Regulation. This principle requires that companies only collect the data that is really necessary to fulfil the respective purpose.
A detailed analysis must therefore be carried out at the start of a project to determine what type of data is required, why it is being collected and to what extent. In the case of telephone number validation, it is crucial to determine exactly what data may be stored – be it just the telephone number itself or additional information such as timestamps or user IDs.
Companies must also determine how long this data may be stored in order to fulfil the respective purpose. This is where so-called deletion concepts come into play, which clearly regulate how and when data must be deleted as soon as it has fulfilled its purpose. These erasure concepts must not only be clearly defined internally, but also communicated transparently to the outside world. According to the GDPR, users have the right to know how their data is being used and how long it will be stored.
It is also important to implement technical measures to ensure that this data is actually deleted as soon as it is no longer needed. This applies to active data in systems as well as backups and archives, which are often overlooked.
Another important aspect is the security of the data throughout its entire life cycle. It is not enough to think about data protection only at the beginning of the project; it must be ensured continuously throughout the entire project cycle. Measures such as encryption, pseudonymisation and access controls are essential to ensure that the data collected is protected from unauthorised access.
Particularly in the context of the GDPR, companies must also ensure that they have a clear concept for dealing with data breaches. Should a data leak occur despite all precautionary measures, the GDPR requires that affected users are informed within a specified period of time and that the supervisory authorities are notified of the incident.
To summarise, it can be said that a comprehensive data protection concept is not only a legal requirement, but also a key building block for customer trust. By taking a close look at issues of data collection, storage and deletion, companies can ensure that they both fulfil the legal requirements and strengthen the trust of their users.”