How does Arb Pro help with compliance?

On May 25, 2018, the new privacy law, the “General Data Protection Regulation” (GDPR), will come into effect in the European Union (EU). GDPR increases the privacy rights of EU individuals and places new obligations on organisations that send marketing material or capture and handle EU personal data. Arb Pro can help our users in their efforts to comply with the GDPR, using our privacy and security structure to manage their client data.

What is GDPR?

This is a new data protection law in the EU that updates existing laws to tighten protection of personal data. These regulations expand upon existing data protection laws and replace various national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

GDPR & what it controls!

The GDPR regulates data processing, which includes collection, storage, transfer or use, of personal data regarding EU individuals. Any organisation that processes personal data of EU individuals, including tracking their online activities, is within the scope of this new law, regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any data relating to an identified or identifiable individual (also called a “data subject”).

GDPR: how does this law affect privacy?

GDPR provides increased privacy rights to EU individuals and places increased obligations on organisations that collect data. Some of the key changes are:

  • Compliance Requirements: The GDPR requires organisations to implement policies and procedures, privacy impact assessments and keep records on data activity and written agreements with vendors.
  • Data breach notification and security: GDPR requires organisations to report particular data breaches to data protection authorities and, under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organisations.
  • Expanded rights for EU individuals: GDPR provides extended rights for EU individuals such as deletion, restriction, and portability of personal data.
  • New requirements for profiling and monitoring: The GDPR places additional obligations on organisations engaged in profiling or monitoring behaviour of EU individuals.
  • Enforcement: Under the GDPR, authorities can fine organisations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
  • One stop shop: The GDPR provides a single point of enforcement for organisations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

How will Arb Pro Comply with the new GDPR?

Arb Pro Software Ltd is already largely compliant with the regulations and takes data protection and privacy seriously regardless of these new regulations. We welcome the regulations, consider GDPR an important step forward in streamlining data protection requirements across the EU, and see this as an opportunity to reinforce our own commitment to data protection.

Arb Pro will comply with GDPR in the delivery of the web and mobile services we provide to our users, and we are dedicated to helping our customers comply with GDPR. We have already analysed the requirements of the GDPR and are making enhancements to our web application to support our users’ compliance with GDPR.

Arb Pro – What software features will help our users comply with GDPR?

The regulations require our users to have stringent data protection to ensure data is as secure as possible!

Arb Pro web – The software can only be accessed via a secure encrypted connection, using the same levels of security as internet banking for example.

All information which passes between our servers and your computer is encrypted using technology called Secure Sockets Layer (SSL). Click the padlock symbol in your browser, at the login screen or while using the product, to view our website’s data encryption certificate.

Note: The image displayed is an example from Google's Chrome browser.

An SSL Certificate is like a digital passport that confirms the holder's credentials for conducting business on the Internet. When Web users send information such as their names, addresses and credit card numbers to a website secured with an SSL Certificate, the user's browser validates the recipient's digital certificate before establishing an encrypted connection. This process protects information from outside viewing as it flows both to and from the certificate holder's website.

Arb Pro uses GoDaddy to provide its SSL protection. GoDaddy's business controls and practices have been thoroughly reviewed by an independent accountant to ensure they conform to the international AICPA/CICA WebTrust for Certification Authorities Principles and Criteria.

Password Protection!

Users can only access their data with a secure password that they create themselves. To ensure data protection, all accounts are created without a password, so that when a user first logs in they are required to create their own unique password, known only to them. Furthermore, the user has total control over their own password creation and management, and can easily change their password at any time using the account command seen below…

Data Storage

Where are the servers, and the personal data stored on them, hosted?

Our servers and the personal data you store are hosted in Rackspace data centres in the United Kingdom. Rackspace has stringent data management policies and procedures, which can be viewed by following this link: Rackspace

Your customers' right not to receive marketing material!

If you want to send marketing communication to your customers under the new GDPR, each client must have opted in; you can no longer send marketing material to a client who has not opted in to receive it. You will no longer be able to send your customers marketing communication whenever you wish without their express consent.

To fulfil these requirements, we provide users with tools to mark which clients have chosen to opt in to or out of marketing, and by default all clients are opted out! You must tick the marketing box to include a client in each of your marketing lists…

Your clients' right to be forgotten

Your clients have a right to request that you remove them from your database and delete their data. To fulfil this part of the regulations, we provide users with an account delete function that deletes a specific client account and all of its associated data.
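The two requirements above, a marketing list that only ever contains explicitly opted-in clients and an erasure routine that removes a client together with everything linked to them, come down to a small data model. The following is an added illustration, not Arb Pro's code: the `ClientStore`, `Client`, `jobs` and `erasure_log` names and the sample records are all constructed for this example. It goes slightly beyond the text by recording when and how consent was given, which is what lets a user demonstrate later that an opt-in actually happened, and by keeping an erasure log that holds counts and timestamps but no personal data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class Client:
    """One customer record. Marketing consent is off unless explicitly recorded."""
    client_id: int
    email: str
    marketing_opt_in: bool = False            # default: opted out
    consent_recorded_at: Optional[datetime] = None
    consent_source: Optional[str] = None      # e.g. "ticked box in client form"


@dataclass
class ClientStore:
    """Hypothetical store standing in for the application's client database."""
    clients: Dict[int, Client] = field(default_factory=dict)
    # Associated data keyed by client_id (jobs, quotes, notes); constructed sample shape.
    jobs: Dict[int, List[str]] = field(default_factory=dict)
    # Erasure log keeps an id, a timestamp and counts only: no personal data survives.
    erasure_log: List[dict] = field(default_factory=list)

    def add_client(self, client_id: int, email: str) -> Client:
        client = Client(client_id, email)
        self.clients[client_id] = client
        self.jobs[client_id] = []
        return client

    def record_opt_in(self, client_id: int, source: str, when: datetime) -> None:
        """Consent is an explicit action; record when and how it was given."""
        client = self.clients[client_id]
        client.marketing_opt_in = True
        client.consent_recorded_at = when
        client.consent_source = source

    def withdraw_consent(self, client_id: int) -> None:
        """Opting out returns the record to the default state."""
        client = self.clients[client_id]
        client.marketing_opt_in = False
        client.consent_recorded_at = None
        client.consent_source = None

    def marketing_list(self) -> List[str]:
        """Only clients with a recorded opt-in are ever returned."""
        return sorted(c.email for c in self.clients.values() if c.marketing_opt_in)

    def erase_client(self, client_id: int, when: datetime) -> dict:
        """Delete the client and every associated record; log only non-personal metadata."""
        if client_id not in self.clients:
            raise KeyError(f"no client {client_id}")
        removed_jobs = len(self.jobs.pop(client_id, []))
        del self.clients[client_id]
        entry = {"client_id": client_id, "erased_at": when, "jobs_removed": removed_jobs}
        self.erasure_log.append(entry)
        return entry


def demo() -> dict:
    """Constructed walk-through: two clients, one opt-in, then an erasure request."""
    now = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    store = ClientStore()
    store.add_client(1, "alice@example.com")
    store.add_client(2, "bob@example.com")
    store.jobs[1].append("Oak crown reduction, 12 March")   # constructed job record
    store.record_opt_in(1, "ticked marketing box in client form", now)
    before = store.marketing_list()          # only Alice; Bob never opted in
    store.erase_client(1, now)
    after = store.marketing_list()           # empty; the erased client is gone everywhere
    return {"before": before, "after": after,
            "clients_left": sorted(store.clients), "log": store.erasure_log}


if __name__ == "__main__":
    print(demo())
```

The point of `marketing_list` filtering on `marketing_opt_in` rather than on an "opted out" flag is that a newly created record, or one whose consent was withdrawn, falls out of every list without any extra step.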

Mobile Data Capture

Our mobile apps have secure username and password protection installed to ensure only those with login details can access the data stored on the device.

To further ensure data protection, we have a strict timeout function on the app: if you put the device down, leave the app, or are inactive for a period, the app will automatically sign the user out. This timeout function, whilst annoying for some users, is an important tool in fulfilling GDPR requirements in relation to data protection.
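The inactivity sign-out described above can be modelled as a session that is checked on every request. What follows is an added example, not Arb Pro's app code: the `SessionManager` class and the 5-minute idle and 12-hour absolute limits are assumptions made for illustration, since the page does not state the real values. It covers the three triggers the paragraph lists (device idle, app left, period of inactivity) and adds an absolute lifetime so that a session kept alive by constant touches still ends eventually.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy values for illustration; the real Arb Pro timeout is not stated on the page.
IDLE_TIMEOUT = timedelta(minutes=5)
ABSOLUTE_TIMEOUT = timedelta(hours=12)


class SessionExpired(Exception):
    """Raised when a request arrives for a session that is no longer valid."""


@dataclass
class Session:
    user: str
    started_at: datetime
    last_activity: datetime
    active: bool = True


class SessionManager:
    """Signs users out on inactivity, on an absolute lifetime, and when the app is left."""

    def __init__(self, idle: timedelta = IDLE_TIMEOUT, absolute: timedelta = ABSOLUTE_TIMEOUT):
        self.idle = idle
        self.absolute = absolute

    def sign_in(self, user: str, now: datetime) -> Session:
        return Session(user=user, started_at=now, last_activity=now)

    def is_expired(self, session: Session, now: datetime) -> bool:
        """A session ends when signed out, idle too long, or older than the absolute limit."""
        if not session.active:
            return True
        idle_for = now - session.last_activity
        lifetime = now - session.started_at
        return idle_for > self.idle or lifetime > self.absolute

    def touch(self, session: Session, now: datetime) -> None:
        """Call on every request: extends the idle window or signs the user out."""
        if self.is_expired(session, now):
            self.sign_out(session)
            raise SessionExpired(f"{session.user} signed out: inactivity or lifetime limit")
        session.last_activity = now

    def on_app_backgrounded(self, session: Session) -> None:
        """Leaving the app ends the session at once rather than waiting for the idle timer."""
        self.sign_out(session)

    def sign_out(self, session: Session) -> None:
        session.active = False


def demo() -> dict:
    """Constructed timeline: activity inside the window keeps the session; a gap ends it."""
    mgr = SessionManager()
    t0 = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    s = mgr.sign_in("surveyor", t0)
    mgr.touch(s, t0 + timedelta(minutes=4))        # 4 idle minutes: still signed in
    alive_after_4m = s.active
    try:
        mgr.touch(s, t0 + timedelta(minutes=12))   # 8 idle minutes: signed out
        expired = False
    except SessionExpired:
        expired = True
    return {"alive_after_4m": alive_after_4m, "expired_after_gap": expired, "active": s.active}


if __name__ == "__main__":
    print(demo())
```

Passing `now` into every call, instead of reading the clock inside the class, is what makes the timeout logic testable with a fixed timeline; the app would pass the current time at each request.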