Accessible Information Management Plan for GDPR Compliance and Best Practices
We are committed to working and partnering with customers and users to help them understand the GDPR (General Data Protection Regulation) and the protection of client data. The GDPR went into effect on May 25th, 2018 and is the most comprehensive EU data privacy law to date.
What is GDPR?
The GDPR is an EU privacy law that consolidates and codifies the various national data protection laws into a single set of rules that are directly enforceable throughout the EU.
What does the GDPR regulate?
Any organization that operates in the EU or processes the personal data of EU residents (data subjects) is subject to the GDPR. The GDPR regulates the processing of that data. Under the GDPR, processing means any operation performed on personal data, whether automated or not, including collection, recording and use.
Key Terms
Controller and Processor
As per EU GDPR:
Controller – "means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data"
Processor – "means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller"
When Using AIM, Am I The Controller or Processor?
A client or university that is using AIM would be the controller, since they are entering data into the system, while AIM would be the processor since AIM is storing the data for the university. As per AIM’s policies, clients own their own data.
As per GDPR, controllers are responsible for, "Taking into account the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary."
This means that you may need to assign staff or responsible parties for your own data protection and conduct impact assessments as necessary to ensure appropriate protection measures are in place.
The GDPR imposes new and additional obligations on all organizations that handle the personal data of EU citizens, regardless of the organization's location.
In order to meet GDPR compliance requirements, AIM has developed and implemented a variety of tools and measures to validate and ensure that data is safe, secure and, most of all, access-restricted.
Some of the ways we have done this are:
- Enhanced security infrastructure and systems.
- Appropriate contractual terms and guidelines.
- System offerings that include tools for data management, tracking and data portability.
Our security infrastructure and systems are continually evaluated and enhanced as new tools and methods become available, so that the system we provide remains as secure and usable as possible. Protecting customer data, information and privacy is paramount for a cloud-based company that has earned its customers' trust and loyalty.
Our security team is kept abreast of current threats and developing critical situations so that it can respond to and protect against emerging issues, whether by appropriate patching, tool development or the use of industry-available systems that enhance the security of our platform. Our current incident response plans outline and follow GDPR-established guidelines.
For more information regarding our security policies and procedures, please contact Haris Gunadi: support@accessiblelearning.com
To facilitate data management, we have a variety of compliance-related tools available:
- Organizations may access, import and export their customer data, including relevant emails and communications.
- They can export a comprehensive report for a person of record and share it with the contact who has requested to see their records.
- Profiles can be deleted from the AIM system upon request, where necessary.
- Tracking of data entry and origination – a complete tracking log with date- and time-stamped entries indicates when a person was added, modified or updated, and by whom.
- Historical reporting – you can also report on the complete life cycle of a person, including the services and information provided to and used by that person.