Wirefast is committed to compliance for when the GDPR law comes into effect on the 25th of May 2018, this includes building GDPR into current and future contractual commitments. Wirefast GDPR compliance has required the evolution of our current information security management system (ISMS); clarifying, improving and maintaining key data protection and privacy controls.
This journey is an active process and will continue up to and after the enforcement date.
Efforts have been made in the following areas:
Further understanding the historical and future data we collect, process, hold and share in the context of GDPR. This includes mapping both the data and access as part of our current ISMS while introducing metadata tags regarding legal basis, privacy and consent.
Governance and Process
In addition to our current governance, risk and compliance strategy the GDPR has provided an opportunity to review and improve processes. We are committed to bringing in both Privacy by Design and Data Privacy Impact Assessments into our current GRC process.
Wirefast strives to improve our security, maintaining privacy for the data we hold and ensuring appropriate security across our partners and supply chain. GDPR and wider security compliance are not static operations and we will continue to improve our operational processes in response to 3rd party audits.
Our Commitment to Compliance
- Commitment to meet all regulatory requirements where appropriate, an active process as further clarification is offered by the ICO and courts Build new regulation into current information security management system (ISMS) as part of continued commitment to security and privacy.
- Continue along our journey to achieve compliance for GDPR by 25th of May 2018.
- Plan and prepare to continually improve our policies beyond May 25th 2018
- Maintain security and privacy of our data and our client’s data to industry standard best practise / applicable laws.