Given that our clients use ApprovalMax for handling their core finance information, we consider the security of our clients' data one of our top priorities.
Therefore, compliance with the new General Data Protection Regulation (GDPR), which is due to take effect on 25 May 2018, is high on our agenda.
As part of our GDPR readiness initiative, we are looking into the following key aspects in terms of GDPR compliance validation and improvement:
- Identifying the Personally Identifiable Information (PII)/Personal Data that is being collected and making sure that it is handled in accordance with GDPR standards
- Providing our users with appropriate control mechanisms to safeguard their personal data
- Reviewing our security and privacy processes currently in place in order to enhance them as needed, and providing the necessary documentation as per the GDPR requirements
- Working with our partners to ensure GDPR compliance during data exchange
- Training the responsible ApprovalMax employees in GDPR regulations and procedures
ApprovalMax expects to be fully GDPR compliant by 25 May 2018, when the new GDPR comes into effect.
Here are some important facts regarding ApprovalMax's GDPR compliance to date:
- For our EU-based clients, ApprovalMax does all our data processing in EU-based cloud centres in Ireland and the Netherlands. ApprovalMax guarantees that there is no cross-border data transfer and that all data is safely handled within the EU.
- ApprovalMax employs the Microsoft Azure cloud infrastructure and we rely on Microsoft for multiple aspects of GDPR compliance, such as physical data centre security, secure infrastructure management, and others.
- In terms of software security, ApprovalMax applies all internal security validation processes as well as external 3rd-party penetration testing (recently performed by Cigital) to make sure ApprovalMax meets the required level of data security at any given time.
- ApprovalMax already has all necessary procedures in place both to enable data owners to exercise their rights under GDPR and to promptly report any detected breach, should one occur, to the established EU authorities.
For questions, feel free to contact us at: email@example.com