The General Data Protection Regulation (GDPR) brings wide-ranging changes to the way that personal data will be managed within Europe. It came into effect on the 25th May 2018 and replaced the 1995 Data Protection Directive. The GDPR grants individuals more rights regarding data relating to them and places greater obligations on data controllers and processors related to the handling of personal data. It also seeks to streamline the international businesses environment by aligning data protection laws throughout Europe.
Bright Interactive is committed to GDPR compliance. We are also committed to supporting our customers with their compliance journey by ensuring appropriate security and privacy considerations are built into our services and contracts.
Our commitment to GDPR
We have implemented an organisation-wide GDPR compliance programme. As a processor for our customers' data, we are focused on implementing changes needed to ensure our customers can be confident that their data is being handled in a compliant manner. A summary of the things we have done to date includes:
We have carried out an in-depth organisation-wide audit, gap analysis and data mapping, helping us set clear policies, records and standards about how data is managed.
We have put in place wide ranging processes and procedures to manage the security and processing of data.
Our product teams completed an audit of product functionality and have implemented changes to improve privacy features within the product, and we have made changes and improvements to the security of our hosting services.
We have rolled out GDPR training and awareness for all our employees, making sure everyone knows our responsibilities under the GDPR and how it impacts their work.
We have worked with all our suppliers to ensure we have appropriate contracts in place to meet GDPR requirements and we have a GDPR Data Processing Agreement that our customers can sign up to.
We are regularly improving our product support pages to provide more data protection specific information about how Asset Bank can help with your compliance.
As these activities progress we are actively updating these pages to share more information with our clients. Our GDPR FAQ page also has answers to some common questions.
The impact of Brexit
In the UK, the data protection regime is governed by the UK General Data Protection Regulation, tailored by the Data Protection Act 2018. We have amended our contract to take account of the changes brought about by Brexit and the transition from EU to UK GDPR.
Where we make restricted transfers of data from the UK to other countries we use Standard Contractual Clauses and have implemented the UK Addendum (which attaches to, and incorporates, the EU Standard Contractual Clauses).
As the UK is no longer part of the EU, we have appointed a data representative whose details are:
Data Protection Representative Limited (trading as DataRep)
12 Northbrook Road
Our Terms and Conditions - you can find our data protection commitments in clause 15.
Sub-Processors and International Data Transfer - learn about our approved sub-processors and how we handle global data processing