The General Data Protection Regulation is the single greatest change in data protection legislation since the EU Data Protection Initiative came into force in 1995. It is the result of four years’ work and aims to give people greater control over the ways their personal data is used while giving businesses a clearer legal environment in which to operate. Companies and organisations that do business in the EU – even if they aren’t based there – will be legally obliged to comply with GDPR from 25th May 2018.
The primary aspects of the GDPR are as follows:
• 6 data protection principles are laid out, and personal data must be processed in accordance with them
• All companies must be able to demonstrate compliance with the GDPR for accountability and governance
• Companies must build effective data protection procedures and safeguards that function from the outset of all processing
• The lawful basis of all data processing must be identified and documented
• There will be stricter regulations for obtaining consent
• A number of privacy rights for individuals are enhanced and extended, as laid out in the documentation
• Companies must be transparent about how personal data is processed
• Data breaches must be reported within 72 hours of discovery
How is ExpenseIn preparing?
We have established a dedicated GDPR committee, chaired by our appointed Data Protection Officer. This committee monitors and assesses the impact of GDPR on our existing data-processing procedures and ensures full compliance with the regulation before it takes effect.
We are performing an updated privacy impact assessment, enabling us to identify the most effective ways we can meet GDPR compliance and guarantee full transparency for all of our customers. We are also reviewing all internal policies and contracts, as well as those for suppliers and customers, to ensure GDPR compliance is met across the board.
We are also in the process of implementing a number of enhanced security features to protect the data we store. These include multi-factor authentication (MFA), transparent device management and stronger password controls.
Compliance at every level
ExpenseIn is committed to engaging only with suppliers who share our focus on security and data protection. We work with leading providers such as Amazon AWS and SagePay to ensure every aspect of our service meets the standards the GDPR and our customers demand.
ExpenseIn always puts customers first, and we have been working towards full GDPR compliance ever since the regulation was adopted by the EU Parliament in April 2016. Account passwords are protected with cryptographic measures that follow industry standards. Our uptime is almost absolute, so we’re always here when you need us, and we store all your data, such as digital receipts, safely with the support of industry leaders in secure cloud technology.
Statistics show that more than half of companies that will be subject to GDPR legislation have not taken steps to prepare for it. We want our customers to know that we are not one of them – we have been working hard to ensure comprehensive compliance with GDPR, and we pledge our commitment to the protection of our customers’ personal data as a fundamental company policy at ExpenseIn.