FAQ | WhatsApp Business

Utilize tyntec’s FAQs to help solve any issues you may have. Additionally, learn about cloud communications, CPaaS, SMS for business, authentication, and more. If any questions arise while reading, don’t hesitate to contact us.

Is tyntec PCI Compliant?


tyntec operates worldwide, and many countries have specific requirements regarding data security, data privacy, and the technical and organisational measures that ensure them, such as ISO 27001, SOC1, SOC2, SOC3, NIST, PCI DSS, HIPAA, PIPEDA (Canada), ISAE 3000, 201 CMR 17.00 for Massachusetts residents, etc. Usually, despite overlaps, certifications according to these requirements have to be performed independently of each other.

Since May 2018, the GDPR has been the relevant legislation in the EU (plus Norway and Switzerland = EEA), requiring companies doing business in this geographic area to employ state-of-the-art technical and organisational measures to ensure data security and privacy. These measures include monitoring, alerts, audit trails, user rights management, encryption, data integrity, resilience of systems and services, etc., independent of technology (e.g. cloud) or line of business.

Usually, the GDPR is more demanding than other (older) frameworks, and it overlaps quite a bit with PCI and other regulations/certifications:

• Identify sensitive data
• Reduction of the amount of sensitive data
• Security of the data you keep
• Limit access
• Log access
• Assessment for compliance
• Preparation to respond to data breaches

Differences between GDPR and PCI:

• Consequences of noncompliance
• PCI DSS is an independent standard; the GDPR is enforced by any government authority
• Scope: cardholder data vs. all personal data in general
• Whose data: every cardholder vs. citizens of the EEA

Although tyntec has not been certified according to ISO 27001 or the “BSI Grundschutz”, we have been audited on-site by some of our customers (Porsche, WebId Solutions, DAB bank) without major findings.

For more information about tyntec’s GDPR compliance, please see our Security and GDPR Guide.