GDPR and Acumatica Compliance

Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. Effective May 25, 2018, the GDPR seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.

This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents. It affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA). Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.

We support and comply with the GDPR.

Key GDPR Requirements for SaaS Customers

As the new GDPR requirements become a reality, organizations using cloud applications worldwide should be aware of their data privacy and security needs relating to their collection and handling of personal information. Here are four key requirements we are highlighting:

  • Data Security

    Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.

  • Extended Rights of Individuals

    Individuals have greater control over, and ultimately greater ownership of, their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.

  • Documentation and Security Audits

    Organizations will be expected to document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures where appropriate.

  • Data Breach Notification

    The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.

Personal Data

You can make choices about how Acumatica collects and uses your data. You can control the personal data that Acumatica has obtained and exercise your data protection rights by contacting Acumatica or using various tools that we provide.

To opt out of receiving marketing-related communications from Acumatica, please click on the “opt-out” link in the communications you receive. Please note that if you do opt out of receiving marketing-related emails from us, we may still use your contact information to send you important administration messages, such as billing and support. If you wish for us to completely delete your personal record from our database, email privacy@acumatica.com and we will remove it.