Execu/Tech Systems, Inc.
Knowledgebase

GDPR Concerns

Wikipedia information

For customers concerned about the European Union's General Data Protection Regulation (GDPR), here is some information that should help you determine if Execu/Tech's software fits within your compliance plan.
  • Guest data is stored in an encrypted database.

  • NEVER enter a guest's personal information into a field not designed for it. This includes names, addresses, phone numbers, email addresses, birthdays, etc.

  • NEVER enter credit card information into a field not designed for it.

  • To limit access to guests' personal data, be sure that all employees have their own login IDs and passwords and that these login credentials aren't shared. Not only will this help limit access to this data, it also allows the software to determine who has accessed the data.

  • Guest's information 

  • Backup archives of the database are again encrypted and password protected on the PMS server.

  • Backup archives are transmitted over a secured connection to the Execu/Tech cloud storage. 

  • Backup archives stored in the Execu/Tech cloud storage are on BitLocker-encrypted drives.

  • Backup archives are accessible only to Execu/Tech staff, to the backup application on the customer's server, or via as-needed temporary FTP access provided to the customer or their approved IT professional.

  • Backup archives are stored for 7 days, one for each day of the week. This means that if a guest requests that their personal information be removed from the database, it will take 7 days for this to be reflected in the archives, as a new backup archive which no longer contains this data replaces the older archives.


Execu/Tech Systems is not an IT company or a data security company. You are encouraged to seek advice from experts in these fields to determine the best practices for your company. 

Execu/Tech software DOES NOT store sensitive credit card data unless the software is misused. DO NOT enter credit card data into notes, comments, or any other field not used to process credit card data. ONLY enter credit card data into fields provided for secure processing of credit cards. The methods used by Execu/Tech to process credit card transactions place its software outside the scope of PCI.

While Execu/Tech software encrypts guests' information, you should still follow industry-standard guidelines to ensure better data security.

Here are a few guidelines:
  • Your business network should be separate from the guest network.

  • If possible, use separate internet connections for the business and the guests. 

  • Use PCI minimum recommendations for Windows User Passwords.

  • Use a reputable antivirus application and keep it updated.

  • DO NOT allow guests or any other unauthorized person to access a computer that also has access to the business network. 

  • Limit the staff's access to the internet to only essential sites. 

  • When possible, we recommend using BitLocker or similar technology to secure your data. 

  • If you require encrypted data transmission, use a reliable VPN connection between the client and server.

  • If you're using Microsoft's RDS, be sure to use SSL to encrypt the session.

There are many other steps you can take to ensure the security of your computers, network and data, and you should consult with experts to be sure you are doing all you can.





Article ID: data_security
Last Modified: 5/24/2018 4:30 PM