The General Data Protection Regulation (GDPR) and UK Data Protection Act (DPA) 2018 brought wide-ranging changes to the way that personal data is managed within Europe and the UK. These regulations grant individuals more rights regarding data relating to them and place greater obligations on data controllers and processors related to the handling of personal data.
Asset Bank has a robust GDPR and UK DPA compliance program. We are also committed to supporting our customers with their compliance journey by ensuring appropriate security and privacy considerations are built into our services and contracts.
Our commitment to data protection
Our organisation wide compliance programme is designed to ensure that our customers can be confident that their data is being handled in a compliant manner. A summary of the things we implemented includes:
- We have carried out an in depth organisation wide audit, gap analysis and data mapping, helping us set clear policies, records and standards about how data is managed
- We have put in place wide ranging processes and procedures to manage the security and processing of data
- Our product teams completed an audit of product functionality and have implemented changes to improve privacy features within the product, and we have made changes and improvements to the security of our hosting services
- We have rolled out GDPR and UK DPA training and awareness for all our employees, making sure everyone knows our responsibilities under the regulations and how it impacts their work
- We have worked with all our suppliers to ensure we have appropriate contracts in place to meet contracting requirements and we have a Data Processing Agreement that our customers can sign up to
- We are regularly improving our product support pages to provide more data protection specific information about how Asset Bank can help with your compliance.
Our GDPR FAQ page also has answers to some common questions.
What do I need to do?
All our customers use Asset Bank differently and so everyone's compliance activities are different. However, we've put together a few steps for you to consider as part of your compliance actions.
- Get to know your Asset Bank. Lots of Asset Bank's features are perfect for supporting you to manage and control your assets. We've highlighted a few of them here, along with support articles that can help you understand how they work.
- Role-Based Access Controls - maintain appropriate controls of personal data and assets
- Approval Workflow - further control of data upload and access
- Managing users - including flexible user data fields and user expiry functions
- Privacy Policy agreement - collect consent from users at login or registration
- Asset lifecycle management - automatically control the visibility of your assets & manage expiry dates
- Reporting - to keep track of how Asset Bank is being used, and by who
- OAuth 2.0 log in options - for secure API access
- Password protected lightboxes - securely share content externally to Asset Bank
- Secure cloud hosting with Amazon Web Services - our hosted services includes encryption of all user details, as well as of assets themselves
- Our support team are also always on hand to help you get the most out of Asset Bank and we can provide training if you need a refresher on how everything works. For larger pieces of work we also offer tailored consultancy packages.
- Review our security and data protection information - our Security and Legal pages provide information for our customers on our security practices as well as our approach to data protection. Please take a look to understand the range of features and processes we have in place to protect your information.
- Review and sign up to our Data Processing Agreement and Standard Contractual Clause - this is available for all our clients to sign up to and provides the required contracting commitments to support the regulations
- Review our Privacy Policy - this details how we manage the data that we collect as part of providing our services to you
Comments
0 comments
Article is closed for comments.