As you probably know, the GDPR Regulations come/came into force on 25th May 2018. It applies to anyone holding Personal Identifiable information. In our case, as your communications/IT provider, this is limited to Usernames, Phone Numbers, Handsets Provided and Details of Service Provided. We do not hold any other personal information. All other information we hold is related to the Business or Company, IT Equipment, Software Licenses etc. and as this is technically not Personal Information, this falls outside the scope of the GDPR Regulation.
We have sought advice to check where we stand with holding Usernames, Phone Numbers and Service data and, because of our Contract to provide Communication Services, we are classed as having a legitimate need to keep this information on record. Because the Information we hold is specifically related to the employees of the Companies we deal with and is only related to providing the telecommunications of that company, we do not need to obtain individual consent from every individual to hold this information. If we kept records of Home Addresses, Dates of Birth, Bank Details etc. then we would need the consent of everyone.