The General Data Protection Regulation (GDPR) brings wide-ranging changes to the way that personal data will be managed within Europe. It comes into effect on the 25th May 2018 and replaces the current 1995 Data Protection Directive. The GDPR grants individuals more rights regarding data relating to them and places greater obligations on data controllers and processors related to the handling of personal data. It also seeks to streamline the international businesses environment by aligning data protection laws throughout Europe.
Asset Bank is committed to GDPR compliance. We are also committed to supporting our customers with their compliance journey by ensuring appropriate security and privacy considerations are built into our services and contracts.
Our commitment to GDPR
We have been working on an organisation wide GDPR compliance programme, looking at all aspects of our compliance requirements and putting in place measure to ensure data is processed in line with the GDPR. As a processor for our customer's data, we are focused on implementing changes needed to ensure our customers can be confident that their data is being handled in a compliant manner. A summary of the things we have done to date includes:
- We have carried out an in depth organisation wide audit and gap analysis. This identified all the areas we needed to focus on, and actions to put in place to support our compliance
- We have mapped all of the data flows related to the processing of data, helping us set clear policies, records and standards about how data is managed
- We are putting in place wide ranging processes and procedures to manage the security and processing of data
- Our Asset Bank team completed an audit of our product functionality and are implementing changes to improve privacy features within the product, and we have made changes and improvements to the security of our hosting services
- We have been rolling out GDPR training and awareness for all our employees, making sure everyone knows our responsibilities under the GDPR and how it impacts their work.
- We have been working with all our suppliers to ensure we have appropriate contracts in place to meet GDPR requirements and we have a GDPR Data Processing Agreement that our customers can sign up to.
- We are regularly improving our product support pages to provide more data protection specific information about how Asset Bank can help with your compliance.
As these activities progress we are actively updating these pages to share more information with our clients. Our GDPR FAQ page also has answers to some common questions.
What do I need to do?
All our customers use Asset Bank differently and so everyone's compliance activities are going to be different. However, we've put together a few steps for you to consider, to help you along the way
- Get to know your Asset Bank. Lots of Asset Bank's features are perfect for supporting you to manage and control your assets. We've highlighted a few of them here, along with support articles that can help you understand how they work.
- Role-Based Access Controls - maintain appropriate controls of personal data and assets
- Approval Workflow - further control of data upload and access
- Managing users - including flexible user data fields and user expiry functions
- Asset lifecycle management - automatically control the visibility of your assets & manage expiry dates
- Reporting - to keep track of how Asset Bank is being used, and by who
- OAuth 2.0 log in options - for secure API access
- Password protected lightboxes - securely share content externally to Asset Bank
- Secure cloud hosting with Amazon Web Services - our hosted services includes encryption of all user details, as well as of assets themselves
- Our support team are also always on hand to help you get the most out of Asset Bank and we can provide training if you need a refresher on how everything works. For larger pieces of work we also offer tailored consultancy packages.
- Review our security and data protection information - our Security and Legal pages provide information for our customers on our security practices as well as our approach to GDPR. Please take a look to understand the range of features and processes we have in place to protect your information.
- Review and sign up to our GDPR Data Processing Agreement - this is available for all our clients to sign up to and provides the required contracting commitments to support GDPR
- Stay up to date - we always recommend that clients keep up to date with the latest versions of Asset Bank. We are always releasing new features, as well as security and privacy improvements. Customers that host their own Asset Bank should review their last upgrade date and contact us to arrange an update if needed.