Because our clients use ApprovalMax to handle their core finance information, we treat the privacy of our clients' data as one of our top priorities.
Therefore, compliance with the new General Data Protection Regulation (GDPR), which took effect on 25 May 2018, is high on our agenda.
As part of our GDPR readiness initiative, here are the key measures we took for GDPR compliance validation and improvement. We:
- Identified the Personally Identifiable Information (PII)/Personal Data that is being collected and made sure that it is handled in accordance with GDPR standards
- Reviewed and improved the process and mechanism of obtaining consent for personal data capture and processing
- Provided our users with appropriate control mechanisms to safeguard their personal data
- Reviewed and enhanced our security and privacy processes documenting personal data flows as per the GDPR requirements
- Worked with our partners and ensured GDPR compliance during data exchange with them
- Trained the responsible ApprovalMax employees on GDPR regulations and procedures
Other important facts regarding ApprovalMax's GDPR compliance are:
- For our EU-based clients, ApprovalMax does all its data processing in EU-based cloud centres in Ireland and the Netherlands. ApprovalMax guarantees that there is no cross-border data transfer and that all data is safely handled within the EU.
- ApprovalMax employs the Microsoft Azure cloud infrastructure and we rely on Microsoft for multiple aspects of GDPR compliance, such as physical data centre security, secure infrastructure management, and others.
- In terms of software security, ApprovalMax applies all internal security validation processes as well as external 3rd-party penetration testing (recently performed by Cigital) to make sure ApprovalMax meets the data security requirements at any given time.
- ApprovalMax has all necessary procedures in place both to enable data owners to exercise their rights under GDPR and to promptly report any detected breach, should one occur.
For GDPR-related questions, feel free to contact us on: firstname.lastname@example.org