No matter where your business is located, it is likely feeling the ripple effects of the European Union’s newly effective General Data Protection Regulation (GDPR), and your business may now be required to audit or revise the way it handles personal data. This is just as true for companies outside Europe because the regulation covers the collection, storage, transfer, or usage of any personal data from individuals in the EU, even if they are just in your email marketing list. And with multi-million-dollar fines on the line, no company can afford to ignore the GDPR.
In our recent white paper, “GDPR: What You Need to Know,” we break down the nuts and bolts of GDPR, including the difference between Data Controllers and Data Processors and the responsibilities of each. Agiloft customers generally use the software to manage their customer information, so they are the designated Data Controller. When using our hosted service, Agiloft is the Data Processor; however, customers that host Agiloft on their own servers are both the Data Controller and Data Processor.
Either way, Agiloft helps you comply with GDPR by giving you complete control of your customers’ data within the system. Thanks to its fundamental data protection features, Agiloft gives customers the power to customize the security of their business enterprise platform to fit their needs while remaining GDPR compliant. Some of these data protection features include:
- Configured access: The system includes full password controls using LDAP, two-factor authentication, and other industry-standard security protocols.
- Permissions: All data and actions in Agiloft can be controlled by permissions down to the data element level to enforce customized permissions for different roles and groups.
- Data process auditing: Agiloft maintains a configurable audit trail, or history mechanism, of all data additions, deletions, and changes made.
- Secure data transmission: All data connections to and from Agiloft are encrypted.
- Data redundancy: Agiloft allows you to manage the creation of backups that contain all the data in Agiloft, not just the data in the database.
- Data portability: All data in Agiloft can be exported in a standard XML format.
For our hosted service, Agiloft offers additional protections such as the ability to restore access to data in the event of a technical incident, continuous centralized monitoring to identify breaches, and the ability to remove all traces of an individual’s data on request. Our hosted servers are also protected by redundant firewalls, housed in physically secure facilities, and replicated in real time to slave servers in a completely different geographic location to safeguard against attacks or natural disasters. To ensure continued data security, we contract third-party security audits of our hosted service and application software.
We also provide a GDPR-compliant Data Processing Addendum (DPA), enabling customers to meet the GDPR requirements for agreements between you, as a Data Controller, and Agiloft, as a Data Processor.