Our Compliance with GDPR

Thank you for your interest in how Fifosys Ltd has prepared for GDPR.

We take data protection and data privacy very seriously, as we know you do, too. At Fifosys, we have held our ISO27001 certification for data security for the last 7 years.

As a result, we have a proven track record for correctly managing data as well as associated policies and procedures around its protection.

Our thorough, company-wide GDPR compliance programme is complete as of 1st May 2018. Please note that this is an ongoing process, which we will need to revisit as the requirements from the ICO evolve. This programme has been specifically tailored to ensure we meet our obligations under the GDPR. We will continue, and indeed improve, the quality data protection practices we have developed across the company.

In particular, our compliance programme includes the following steps:

 

Customer Contract Amendments

We have been making GDPR-ready amendments, which will be implemented where needed across our customer contracts. These amendments will ensure that customer agreements are updated where necessary in compliance with GDPR and that any data moving between Fifosys Ltd and our customers is transferred lawfully.

 

Vendor Contract Agreements

We have carried out similar contract reviews and update processes for our network of vendor agreements.

 

Education and Training

We have produced a new set of GDPR-compliant guidelines and internal policies. These detailed materials each address a different Fifosys Ltd business function, and set out how our global Data Privacy Policy and core data processing principles apply in practice. They are carefully designed to enhance employee awareness of the GDPR and ensure any relevant obligations under new legislation are understood and met day-to-day.

To take one example, our 'Privacy by Design Guidelines' help ensure privacy concepts are 'built in' to systems, projects and products at the outset. They set out the requirements for Privacy by Design and by Default by identifying key issues to consider and questions to ask before commencing a new project involving the processing of data.

Our education and training sessions regarding GDPR and data security are run on a regular basis. As a minimum, all employees attend refresher training annually.

 

Data Transfers

We have revised our data transfer solutions where necessary to bring them in line with the new GDPR requirements for cross-border transfers, both inside and outside EMEA.

 

IT Security

As part of our continuous IT Risk Management and Security Compliance programme, the GDPR requirements have been folded into our wider data privacy controls to ensure all stakeholder data, whether internal or external, is suitably managed and protected. In addition, we have analysed our existing range of products and services with a focus on GDPR requirements and compliance. Our products and services are designed with network security in mind and, depending on the product, are specifically engineered to help you assess and address the security of your network - a key step on the road to meeting your GDPR compliance obligations. To the extent that the products and services we offer involve the processing or storage of your (or your customers') personal data, we have a number of safeguards in place to ensure this processing activity is carried out legally. Importantly, Fifosys Ltd does not engage in high-risk processing activities.

In closing, the GDPR is a major priority for us, just as it is for you. We appreciate how important compliance is for you, and should you require assistance or have any further questions, please get in touch.

James Moss

Technical Director
