GDPR & IT Compliance

New data protection rules from the EU General Data Protection Regulation (GDPR) replace the Data Protection Act in the UK from 25 May 2018.

The government has confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors GDPR, post-Brexit. This means that any business, big or small, will be required to comply with GDPR - which deals with secure collection, storage and usage of personal data.

GDPR is designed to safeguard personal data of citizens from EU member states, with particular emphasis on transparency and accountability. It applies to all businesses in the EU and non-compliance will lead to substantial fines.

At Fitzgerald & Law, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights.

Under any compliance regime, it is easy to state compliance but much harder to prove. To this end, we have implemented an information security management system which is certified to the requirements of ISO27001:2013.

What is the Privacy Shield framework?

privacy-shield.jpg

The Privacy Shield framework provides companies with a mechanism to comply with European data protection requirements when transferring data from the EU and Switzerland to the U.S. Developed by the United States Department of Commerce in conjunction with the European Commission and Swiss Administration, Shield certification makes compliance easier for our customers who work across the US and Europe.

What is ISO 27001?

ukas-iso-27001.jpg

ISO 27001 is a security management standard that specifies security management best practices and controls based on ISO/IEC 27002:2013 best practice guide. As an ISO/IEC 27001-certified organization there is a high level of integration between the ISO/IEC 27002:2013 code of practice and the Fitzgerald and Law Information Security Management System (ISMS). The ISO 27001 certification audited by the British Assessment Bureau validates that Fitzgerald and Law

  • Systematically evaluates our information security risks, taking into account factors including the impact of company threats and vulnerabilities
  • Designed and implemented comprehensive information security controls and risk management practices to address company and architecture security risks 
  • Adopted a continuous risk management process to ensure that the appropriate information security controls are in place to meet an evolving threat landscape and risks

F&L has been an ISO 27001-certified organization since May 2018. Click here to view our certificate.

IT Security, Privacy and Data Protection Policy - click here.

You can read our Data Security Policy here.

You can also read our GDPR Privacy Notice for Job Applicants here.

Click here for F&L Financial Services Limited Privacy Notice.

As seen in


AA.png TFT.png CNN.png RAC.png ECO.png SU.png EMM.png TCN.png

Awards & Associations Legal GDPR & IT Compliance Website Privacy Policy Copyright Sitemap

Download our TaxApp

© 2018 Fitzgerald & Law. All rights reserved. Incorporated In England and Wales. Company No: OC300023.


We use cookies on this website, you can find more information about cookies here.