What your business needs to know about compliance with the General Data Protection Regulation
The European Union (EU) has taken steps to protect the fundamental right to privacy of every EU resident with the introduction of the General Data Protection Regulation (GDPR) on 25 May, 2018.
Any organisation that works with EU residents’ personal data, irrespective of the organisation’s location, has to meet these obligations.
EU residents now have greater say over their personal data: how it is used, processed or deleted.
GDPR applies to the processing of EU citizens’ personal data by the data controller and the data processor, regardless of where the data controller or data processor is located.
To review more detailed definitions and articles, please visit the European Union’s website.
Personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
A controller is the entity that determines the purposes, conditions and means of processing the personal data.
The processor is an entity that processes personal data on behalf of the controller. Pronto Software is addressing GDPR requirements as a data processor on behalf of our customers, who are the data controllers.
As an organisation, Pronto Software and all subsidiaries are contractually obligated to observe the principles of the Australian Privacy Act, including the recent changes introduced via the Notifiable Data Breaches (NDB) scheme. The introduction of GDPR, however, extends the European Union’s reach to Australian organisations that hold the personal information of EU residents.
Pronto Software is investing heavily in the area of security, risk and compliance through a formal “Security, Risk and Compliance” governance structure that reports directly to the Pronto Software board.
Pronto Software will continue to be committed to safeguarding the security of its customer solutions to ensure it remains compliant with applicable legislation.
Pronto Cloud is undertaking the ASAE 3402 compliance audit, which provides independent assurance reports on our controls as a service organisation. As part of the compliance program, a set of minimum baseline IT general controls has been established which covers the protection and security of customer data. The key components of our ASAE 3402 controls are information security awareness, logical and physical access security, security measures to counter malicious electronic attacks, encryption, backup and recovery, change management, and sub-processor/third-party management.
In addition, Pronto Cloud undertakes annual penetration testing, conducted by a third-party security specialist, covering both internal and external network testing. The main aim of this testing is to stress test the environment to discover any potential vulnerabilities that may need to be remediated and to implement improvements to our overall security posture.
We also have an ongoing project in relation to aligning Pronto Software to the ISO 22301 standard for “Business Continuity” to ensure that we have managed our risk effectively and have all relevant procedures and documentation in place to recover our systems and customers within Pronto Software, in the event of a breach or disaster.
For Pronto Cloud customers, we require any sub-processors that handle personal data, including our data centre partner, to follow the same security and privacy standards we adhere to. We store data in data centres located in Australia that are ISO 27001 and ISO 14001 certified. Pronto Cloud employs various security measures to protect customer data, such as multi-factor authentication, firewalls, antivirus, patching, encryption in transit and encryption at rest, vulnerability scanning, Intrusion Detection (IDS), Intrusion Prevention (IPS) and security event management (SEM) logging. We have various monitoring systems in place that pulse check our entire environment, covering our network, physical hardware and our virtualised platform. Our systems are monitored 24/7/365 with automated alert notifications to engineers.
Pronto Software Limited
20 Lakeside Drive,
Burwood East, Vic 3151