New data protection rules from the EU General Data Protection Regulation (GDPR) replace the Data Protection Act in the UK from 25 May 2018.
The government has confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors GDPR post-Brexit. This means that any business, big or small, will be required to comply with GDPR, which governs the secure collection, storage and use of personal data.
GDPR is designed to safeguard personal data of citizens from EU member states, with particular emphasis on transparency and accountability. It applies to all businesses in the EU and non-compliance will lead to substantial fines.
At Fitzgerald & Law, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights.
Under any compliance regime, it is easy to state compliance but much harder to prove. To this end, we have implemented an information security management system which is certified to the requirements of ISO 27001:2013.
What is the Privacy Shield framework?
The Privacy Shield framework provides companies with a mechanism to comply with European data protection requirements when transferring data from the EU and Switzerland to the U.S. It was developed by the United States Department of Commerce in conjunction with the European Commission and the Swiss Administration, and Privacy Shield certification makes compliance easier for our customers who work across the US and Europe.
What is ISO 27001?
ISO 27001 is a security management standard that specifies security management best practices and controls based on the ISO/IEC 27002:2013 best practice guide. As an ISO/IEC 27001-certified organization, Fitzgerald and Law maintains a high level of integration between the ISO/IEC 27002:2013 code of practice and its Information Security Management System (ISMS). The ISO 27001 certification, audited by the British Assessment Bureau, validates that Fitzgerald and Law:
- systematically evaluates our information security risks, taking into account factors including the impact of threats and vulnerabilities on the company;
- has designed and implemented comprehensive information security controls and risk management practices to address company and architecture security risks;
- has adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks.
F&L has been an ISO 27001-certified organization since May 2018.