axis diplomat, axis payroll & GDPR


Is axis diplomat/axis payroll GDPR compliant?

No software product is “GDPR compliant”. It is the data you hold, your policies and processes as a data controller which contribute to your organisation’s GDPR compliance. axis diplomat does however provide a range of facilities which may assist you to meet your obligations under GDPR including controlling access to data and “right to be forgotten”.

Is the data held in axis diplomat or axis payroll likely to fall within the scope of GDPR?

Almost certainly. Since the scope of “personal data” under GDPR is significantly expanded from the Data Protection act which it supersedes, it is our view that almost any axis diplomat system and all axis payroll systems will hold some elements of “personal data”.

What “personal data” am I likely to be holding in axis diplomat?

“Personal data” is now defined as anything which can identify an individual. This includes something as apparently innocuous as an email address (regardless of whether it is a personal email address or a corporate/work email address which identifies an individual) so that would encompass many, if not all, of your customer and supplier contact email addresses.

What tools are available to assist my organisation implement good data security / information management within axis diplomat?

There are many aspects of axis diplomat’s functions which can assist you in implementing your policies and procedures. Examples are:

  • Integration of axis diplomat user accounts with MS Windows Active Directory to ensure a high degree of user authentication prior to accessing the axis diplomat software.
  • The ability to disable user accounts.
  • The ability to restrict access to individual functions by axis diplomat user group or individual user account.
  • The ability to disable the ability to export data to Excel or csv files from axis diplomat list views on an individual user basis.
  • The ability to anonymise data should you need to implement the ‘right to be forgotten’ (axis diplomat 2016 or later).

What new functionality has been added to axis diplomat for GDPR?

Across the business world, the arrival of GDPR has caused a general focus on data privacy and security concerns. As a result, a number of enhancements have been made to axis diplomat and/or axis payroll with a view to improving security. Some of these enhancements are directly related to helping our clients meet their obligations under GDPR whilst others are changes aimed at general improvements to security.

View the latest Security-Related Updates for axis diplomat and axis payroll »

Further enhancements are expected so be sure to keep up-to-date with the latest developments. How to keep updated »

Is axisfirst GDPR compliant?

There is no GDPR compliancy badge or certification. Compliancy can therefore only be established through internal and external audit of an organisation’s information security management. The International Standards Organisation (ISO) provides a specification for an information security management system (ISMS) known as ISO 27001. (An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.) axisfirst is utilising the ISO 27001 standard in order to demonstrate its practice in managing data protection.

Does axisfirst hold any copies of my data?

axisfirst often has one or more copies of a client’s axis diplomat data. These copies are held (and secured) within our network. We use this data for the following purposes:

  • To provide the axis SoS (Safe off-site Storage) backup service for axis diplomat and axis payroll systems (typically as a part of your business continuity / disaster recovery plan).
  • To provide support services (using the data to carry out investigations into reported problems, suspected software bugs or unexpected behaviour).
  • To check compatibility when developing and testing software.
  • To provide helpdesk and consultancy advice to you.

In this regard we act as a data processor for You, the data controller. Should you, for any reason, wish axisfirst to delete all copies of the data we hold we on your behalf, we undertake to do this on receipt of a written request from a Director or authorised officer. Should axisfirst cease to provide any services to you, we may permanently delete all copies of your data held by us immediately and without further notice.

Is any of my data ever exchanged between axisfirst and third parties?

When developing or testing software which interfaces with third parties with which you interact (e.g. a partner with which you trade, your carrier, your eCommerce provider or HMRC) then relevant data will need to be transmitted between us and those third parties. All data held within your licensed axis diplomat or axis payroll systems belongs to you and all of that data is treated by us as confidential to your organisation.

Other Useful Links

Call Back
This site uses cookies. By continuing to access this site you are accepting the use of cookies by this site.
Read more about cookies...

Cookies are small text files stored on your device when you access most websites on the internet.

This Website uses cookies in order to make the Website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Website is used so that we can make sure it is as up to date, relevant and error free as far as we can. Further information about the types of cookies that are used on this Website is set out in the box below.

By using this Website you agree to our use of cookies. You can choose to restrict or block cookies set on the Website through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit Please note that certain cookies may be set as soon as you visit the Website, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on the Website may impact the functionality or performance of the Website, or prevent you from using certain services provided through the Website. It will also affect our ability to update the Website to cater for user preferences and improve performance.

We don’t sell the information collected by cookies, nor do we disclose the information to third parties, except where required by law (for example to law enforcement agencies).

We may sometimes embed content from 3rd party websites such as YouTube. As a result, when you visit a page containing such content, you may be presented with cookies from these websites. We do not control the dissemination of these cookies and you should check the relevant third party's website for more information.

Cookies We Use

Cookie Description
CookieConfirm The presence of this cookie is used to remember the fact that you have confirmed that you are happy to accept cookies
ASPSESSIONIDxxxxxxxx This is a Session Cookie (session cookies are temporary and are erased when you close your browser). It identifies you from one page to the next and is used, for example, to keep track of your logged-in status.
UserID, account, password These cookies are used to remember your login credentials for when you next visit our website. They are only created if you choose the “Remember Me” option on the login page.
_utma, _utmb, _utmc, _utmz These are cookies created by Google Analytics and are used to provide us information on which web pages are the most popular, and the most popular search terms used by visitors arriving at our site.