After four years of preparation and debate the GDPR (EU General Data Protection Regulation) was finally approved by the EU Parliament on 14 April 2016. The enforcement date is 25 May 2018 – at which time those organisations in non-compliance may face heavy fines.
The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. This change affects all our clients.
Responsibility for complying with the Directive rests with the data controller. As you are the data controller in respect of personal data you store on MovieSite, it is your responsibility to ensure compliance with the data protection law of your home country. Organisations outside the EU must comply if they store personal information of any European citizens.
MovieSite is supplied by openbrolly (Strategic Integration Limited).
How does MovieSite ensure secure storage of the data I hold?
Data that is transferred between your browser and our servers is encrypted using SSL. We use strong encryption and will drop support for old browsers that do not comply with strong encryption standards.
MovieSite and your data are hosted on Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS), within the EU. Physical access to the data centres is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
Amazon maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC reports. There is more information at https://aws.amazon.com/security
We continually update MovieSite and all clients automatically have access to the latest version of the software.
Our servers are monitored for unusual activity and availability.
Who can access my data?
Our clients can control who accesses the information in their MovieSite database, and users can have access filtered to limit access to specific records. The MovieSite support team can advise on your current user list. Your organisational administrator can also access this list. You should advise the MovieSite support team if a member of staff leaves or no longer requires access to MovieSite.
Backoffice access is geographically limited.
Openbrolly staff and suppliers do not have access to MovieSite backoffice passwords or the ability to log in to your account. We can access your environment as an administrative user if we need to resolve a specific issue or implement a feature, as requested by you.
In order to provide the service, we do have authorised operations staff with access to the underlying infrastructure and therefore the underlying data in raw form. However, we never access specific client data unless we are working with the client to investigate a problem. Such access is strictly limited through authentication and restriction to specific premises.
Will my data be shared with third parties?
How can I get a copy of the data I store in my MovieSite environment and will it be in a format I can use?
You may wish to audit your information locally. We can provide your data securely in alternative formats if required – such as CSV.
How is my data protected from accidental destruction?
We make multiple “snapshots” of your data each day. We also replicate data in real time to another location.
In the event that one of your users accidentally deletes a record, it can be restored by our support team for up to 30 days.
Can I get access to my data where and when I want it?
We aim to make MovieSite available 24/7. Logins may be limited to a specific geographic region, so please contact us if you will need to access MovieSite from another country.
In what countries does openbrolly process your data and what safeguards are in place at these locations?
Your data will only be transferred to a country that the European Commission has determined provides an adequate level of protection, or to service providers who have an agreement with us committing to the Model Contract Clauses defined by the European Commission, or certified under the Privacy Shield.
Our servers and your data are hosted securely in Amazon’s EU data centres.
Will openbrolly only process data in accordance with my instructions?
Yes. If you have specific requirements, please contact us to discuss.
What is openbrolly doing to prepare for GDPR?
We are building on our existing data protection work. Changes will include:
- The addition of further consent for members of the public submitting their information to a MovieSite database.
- Reviewing our retention periods for backups of data.
- Reviewing functionality within MovieSite to help clients manage their data.