GDPR & IT Compliance

New data protection rules from the EU General Data Protection Regulation (GDPR) replaced the Data Protection Act in the UK from 25 May 2018.

Post-Brexit, the UK Government replaced the 1988 Data Protection Act (DPA) with legislation that mirrors the EU GDPR. This means that any business, big or small, is required to comply with GDPR, which governs the secure collection, storage and usage of personal data.

GDPR is designed to safeguard personal data of citizens from EU member states, with particular emphasis on transparency and accountability. It applies to all businesses in the EU and non-compliance will lead to substantial fines.

At Fitzgerald & Law, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights.

Under any compliance regime, it is easy to state compliance but much harder to prove. To this end, we have implemented an information security management system which is certified to the requirements of ISO 27001:2013. We are also Privacy Shield certified.

What is the Privacy Shield framework?

The Privacy Shield framework provides companies with a mechanism to comply with European data protection requirements when transferring data from the EU and Switzerland to the U.S. Developed by the United States Department of Commerce in conjunction with the European Commission and the Swiss Administration, Privacy Shield certification makes compliance easier for our clients who work across the US and Europe.

What is ISO 27001?

ISO 27001 is a security management standard that specifies security management best practices and controls based on the ISO/IEC 27002:2013 best-practice guide. As an ISO/IEC 27001-certified organisation, there is a high level of integration between the ISO/IEC 27002:2013 code of practice and the Fitzgerald & Law Information Security Management System (ISMS). The ISO 27001 certification, audited by the British Assessment Bureau, validates that Fitzgerald & Law:

  • systematically evaluates our information security risks, taking into account factors including the impact of threats and vulnerabilities to the company
  • has designed and implemented comprehensive information security controls and risk management practices to address company and architecture security risks
  • has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving landscape of threats and risks

F&L has been an ISO 27001-certified organisation since May 2018, and our certificate is available to view.

  • Our IT Security, Privacy and Data Protection Policy
  • Our Data Security Policy
  • Our GDPR Privacy Notice for Job Applicants
  • F&L Financial Services Limited: Privacy Notice and GDPR Factsheet
