What is the GDPR?

On April 27, 2016, the Parliament and Council of the European Union adopted the EU General Data Protection Regulation (GDPR). The GDPR will be directly applicable to EU member states as of May 25, 2018, thereby ensuring a harmonized data protection standard across the EU.

The GDPR standardizes personal data protection laws and imposes strict obligations on organizations that control and process personal data. The GDPR aims to strengthen the fundamental rights of EU residents by expanding privacy rights and giving individuals control over their personal data. More information about the GDPR can be found on the European Commission Website.

How has Amsons addressed the GDPR?

Amsons has appointed a Data Protection Officer and established a cross-functional GDPR Readiness Team that has taken into account both internal and stakeholder compliance requirements. The GDPR Readiness team is charged with:

– Managing Amsons internal compliance to the GDPR, including, but not limited to, its privacy policies

– Identifying and monitoring enhancements to Amsons offerings, websites and communications to specifically enable customer and other stakeholder compliance to the GDPR. These enhancements include:

• Changes to access rights and security mechanisms;

• Improvements to user consent management;

• Reinforcement of processes to request modification or deletion of personal data;

• Improvements to product documentation and user guides regarding data privacy best practices.

What is the responsibility of a data controller versus a data processor?

Designation of a person or an entity as a data controller or data processor has different obligations under the GDPR:

A data controller is defined as the person or entity that determines, alone or jointly with others, the purposes and the means of the processing of personal data. Amsons may be considered to have this role when processing personal data in its internal tools (e.g., financial systems). A data controller is also typically an organization that has licensed Amsons solutions and is responsible for the handling of personal data. Personal data handling is generally based on factors such as industry, statutory and regulatory requirements and the nature of the data stored. For example, data controllers need to determine when personal data should be manipulated (deleted or modified per the GDPR) or when it should be retained for record keeping or regulatory purposes.

A data processor is defined as the person or entity that processes personal data on behalf of the controller., Amsons is acting as a data processor for the personal data it’s been asked to process and store. As a data processor, Amsons processes personal data in accordance with the GDPR, the agreement signed between parties, and the business rules that have been established by an enterprise in Amsons solutions.

What is the GDPR Responsibility of Amsons Stakeholders and Customers?

Customers who use Amsons offerings are ultimately responsible for determining how they will comply with the GDPR based on their specific business requirements. These requirements are based on factors such as industry, statutory and regulatory requirements, and the nature of the data stored by customers in Amsons offerings. Specifically, customers need to determine when personal data should be manipulated (deleted or modified per the GDPR) or when it should be retained for record keeping or regulatory purposes. It is the responsibility of Amsons to release its Amsons offerings with functionality that enables customers to be GDPR compliant.