axis diplomat, axis payroll & GDPR
Is axis diplomat/axis payroll GDPR compliant?
No software product is “GDPR compliant”. It is the data you hold, your policies and processes as a data controller which contribute to your organisation’s GDPR compliance. axis diplomat does however provide a range of facilities which may assist you to meet your obligations under GDPR including controlling access to data and “right to be forgotten”.
Is the data held in axis diplomat or axis payroll likely to fall within the scope of GDPR?
Almost certainly. Since the scope of “personal data” under GDPR is significantly expanded from the Data Protection Act which it supersedes, it is our view that almost any axis diplomat system and all axis payroll systems will hold some elements of “personal data”.
What “personal data” am I likely to be holding in axis diplomat?
“Personal data” is now defined as anything which can identify an individual. This includes something as apparently innocuous as an email address (regardless of whether it is a personal email address or a corporate/work email address which identifies an individual) so that would encompass many, if not all, of your customer and supplier contact email addresses.
What tools are available to help my organisation implement good data security / information management within axis diplomat?
There are many aspects of axis diplomat’s functions which can assist you in implementing your policies and procedures. Examples are:
- Integration of axis diplomat user accounts with MS Windows Active Directory to ensure a high degree of user authentication prior to accessing the axis diplomat software.
- The ability to disable user accounts.
- The ability to restrict access to individual functions by axis diplomat user group or individual user account.
- The ability to disable, on an individual user basis, the export of data to Excel or CSV files from axis diplomat list views.
- The ability to anonymise data should you need to implement the ‘right to be forgotten’ (axis diplomat 2016 or later).
What new functionality has been added to axis diplomat for GDPR?
Across the business world, the arrival of GDPR has caused a general focus on data privacy and security concerns. As a result, a number of enhancements have been made to axis diplomat and/or axis payroll with a view to improving security. Some of these enhancements are directly related to helping our clients meet their obligations under GDPR whilst others are changes aimed at general improvements to security.
Further enhancements are expected so be sure to keep up-to-date with the latest developments.
Is axisfirst GDPR compliant?
There is no GDPR compliancy badge or certification. Compliancy can therefore only be established through internal and external audit of an organisation’s information security management. The International Standards Organisation (ISO) provides a specification for an information security management system (ISMS) known as ISO 27001. (An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.) axisfirst is utilising the ISO 27001 standard in order to demonstrate its practice in managing data protection.
Does axisfirst hold any copies of my data?
axisfirst often has one or more copies of a client’s axis diplomat data. These copies are held (and secured) within our network. We use this data for the following purposes:
- To provide the axis SoS (Safe off-site Storage) backup service for axis diplomat and axis payroll systems (typically as a part of your business continuity / disaster recovery plan).
- To provide support services (using the data to carry out investigations into reported problems, suspected software bugs or unexpected behaviour).
- To check compatibility when developing and testing software.
- To provide helpdesk and consultancy advice to you.
In this regard we act as a data processor for you, the data controller. Should you, for any reason, wish axisfirst to delete all copies of the data we hold on your behalf, we undertake to do this on receipt of a written request from a Director or authorised officer. Should axisfirst cease to provide any services to you, we may permanently delete all copies of your data held by us immediately and without further notice.
Is any of my data ever exchanged between axisfirst and third parties?
When developing or testing software which interfaces with third parties with which you interact (e.g. a partner with which you trade, your carrier, your eCommerce provider or HMRC), relevant data will need to be transmitted between us and those third parties. All data held within your licensed axis diplomat or axis payroll systems belongs to you and all of that data is treated by us as confidential to your organisation.