Aqilla’s stance on GDPR — We’re ready, are you?

Our professional relationships may be changing but our serious attitude towards privacy and security remains the same.

The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive, strengthening the rights that EU individuals have over their data and seeking to unify data protection laws across Europe. It is a significant piece of European privacy legislation and you need to be ready by May this year.

Aqilla like to be ahead of the curve and, as we have always taken data security and privacy very seriously, we have already completed a review of GDPR. This has included an assessment of the impact on Aqilla as a Cloud Software Provider and the impact on our customers, partners, suppliers and prospects. As a result, we have implemented the required changes, which have included updating our data protection and privacy policy.

Organisations that deal with us can count on the fact that Aqilla is committed to GDPR compliance, both as data processors of our customers’ data and as data controllers of our own.

We are happy to share our stance on this critical requirement and provide details of the changes we have made.

What have we done as Data Controllers?

As providers of Cloud Finance and Accounting software, we continue to hold only data that directly relates to communications we conduct with business professionals who would be interested in our technology.

This includes partners, prospects and people within third-party affiliate organisations.

We have always provided people with the “right to be forgotten” or to unsubscribe from emarketing messages, but have now more explicitly stated this and have made relevant updates to our:

Both of which very clearly state what information we collect, why we collect it and how this data is used.

What have we done as Data Processors?

A processor is responsible for processing personal data on behalf of a controller. Unlike data controllers, data processors have a very limited set of responsibilities under the Data Protection Act. They must only process personal data on the instructions of the Data Controller (our customers who manage their own data).

We have made updates to contractual commitments that directly address GDPR requirements and have reflected these updates in our terms of use which include clauses relating to:

TERMS OF USE: Strong data protection commitments between cloud providers and customers are fundamental to compliance. These clearly articulate our privacy commitments to customers and have been updated for the GDPR as well.

DATA EXPORT: The GDPR includes certain requirements for the export of personal data. The data our customers store in Aqilla is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities. We’ve included data portability commitments in our data privacy terms.

INCIDENT NOTIFICATIONS: GDPR contains requirements around breach notifications. Aqilla continues to invest in our security with continued use of UK Data Centres and….

What’s YOUR next step?

There’s never been a better reason to take a closer look at expectations of your organisation. We recently published a handy guide “Turn GDPR to your advantage by focusing on three key things” which presents the impact of GDPR and outlines three key things to focus on:

PEOPLE — Look at what your own people are doing. Are they following internal guidelines and rules on data storage (do you even have any in-house rules)? Make sure staff (permanent, temporary and volunteers) understand the dangers of using ad-hoc storage or file sharing solutions that are not managed by the organisation.

TECHNOLOGY — Review your core software solutions. Are you up to date with all of the upgrades and updates? If not, you and your data could be at risk. Software vendors do a lot more with updates than just add fancy new features. A lot of the time, work is being done ‘under the bonnet’ to ensure the most up-to-date security is applied to their own software and your databases. Also be aware of the ‘knock-on’ effect of one piece of software being on an older version: does this impact your core operating system or server software? Maybe the old version of your finance software means you have to use an older version of Excel? If so, you and your data could be at risk. Always be on the current version of any software you have — always!

If you are using server-based software, is the server safe? Not only from physical theft, but also from the threats posed by your own staff unwittingly allowing access through email malware, malicious downloads, or password sharing (or saving).

PROCESS — Do you know what information you have about people on your systems and, more importantly, do you know who can access that information and who can make changes? We are used to having financial audits, but do you ever audit the actual data and keep track of who is changing what (and why)?


More about Aqilla

Within our Cloud Accounting and Business Software, we combine all the features and tools you need to be an effective and successful finance professional.

You experience an Online Accounting platform that grows with your needs and delivers results in an intuitive and easy-to-use application. Our API and plugins ensure easy integration into CRM, Business Intelligence, Excel and other backend systems. Visit our website to find out more: www.aqilla.com