Ansarada and GDPR

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, to increase security, legal and compliance requirements where it relates to the storing, tracking, collection, and use of personal data of individuals within the EU.

The protection of our customers and their data (personal or commercial) is something we take very seriously here at Ansarada, so considerable actions have been taken to ensure we maintain compliance with all regulations.

At Ansarada, we adhere to the principles expressly stipulated by the GDPR. All personal data collected by Ansarada shall be:

• processed lawfully, fairly and in a transparent manner;
• collected for specified, explicit and legitimate purposes;
• kept in a form which identifies data subjects for no longer than is necessary; and
• processed in a way that ensures appropriate security.

We are GDPR ready

Due to the sensitive nature of the data that passes through our products, security and privacy have always been paramount at Ansarada. While the GDPR imposed certain changes, the requirements did not represent a material change to the processes and safeguards we maintained prior.

With that said, our Product, Marketing, Legal and Compliance teams have all worked together to ensure we continue our existing approach of “Privacy by Design” and apply that to the changing laws for the protection of our customers. Other areas we have, and continue to address as part of our GDPR compliance include:

• UX enhancements to our onboarding to ensure users and customers are fully aware and opting in to storing their data with Ansarada.
• Defining, producing, and implementing clear processes for access to personal information by users and customers.
• Reviewing our contractual framework, including assessing any third party arrangements we have in place with agencies, contractors and/or suppliers.
• Auditing and reviews of all systems and software we use to carry out business at Ansarada.

Security & compliance at Ansarada

We maintain ISO 27001 certification; the gold standard for information security management.

While a lot of data that passes through our products does not fall under the scope of GDPR, it is of course confidential information, and therefore handled in accordance to our robust security standards. We are applying the same rigorous standards to the privacy of the personal information we process.

We have a documented process for escalation and reporting of breaches and continue to invest, improve and report these, in line with our ISO 27001 certification requirements.

Secure data management

Ansarada data is hosted on the Amazon Web Services (AWS) platform, whose infrastructure guarantees the following data security:

• All data is stored and encrypted at rest with 256-bit encryption
• File level encryption with information rights management policies to track, expire and prevent printing of documents
• Virtual elimination of risks from Trojan viruses, worms, and application vulnerabilities
• All data uploaded into the Data Room is encrypted through HTTPS/SSL
• The Ansarada platform is multi-tenant guaranteeing data segregation that ensures privacy
• 99.98% system availability

AWS has the following information security certifications to ensure information stored by Ansarada is fully secure.

• SOC 1/SSAE 3402
• SOC2
• SOC 3
• FISMA, DIACAP, FedRAMP
• PCI DSS Level 1
• ISO 27001
• ITAR
• FIPS 140-2

In addition:

Ansarada supports single sign on and multi-factor authentication.

If you would like to discuss our GDPR status further please get in contact with our legal and compliance team: [email protected] or our Data Protection Officer, Chris Bullock: [email protected]