Acumatica complies with and supports GDPR data protection rules
I am happy to report that Acumatica Cloud ERP for small to mid-sized companies complies with the new EU data protection rules. This type of responsiveness to the global market is one of the reasons that AccuNet chose Acumatica as our next generation ERP solution. If you have customers, employees or vendors in the EU, this law impacts your current ERP system; see details below:
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. Effective May 25, 2018, the GDPR seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents. It affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA). Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
Acumatica supports and complies with the GDPR.
Key GDPR Requirements for SaaS Customers
As the new GDPR requirements become a reality, organizations using cloud applications worldwide should be aware of their data privacy and security needs relating to their collection and handling of personal information. Here are four key requirements we are highlighting:
- Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.
Extended Rights of Individuals
- Individuals have greater control over, and ultimately greater ownership of, their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
Documentation and Security Audits
- Organizations will be expected to document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate.
Data Breach Notification
- The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.
For more information on how Acumatica and AccuNet can solve your financial, distribution and project management needs, contact Michael Milligan at [email protected].