This statement was last updated on: 19th March 2020
Data security is the new sexy. Ok, it’s not, but there's nothing more important to us than the confidentiality and sensitivity of your or your client's financial data. That's why we're a shining example of how to implement GDPR.
What is GDPR?
Over the last few decades, a bunch of companies and individuals have acted like total douchebags with your data. Selling your email address to the highest bidder. Playing fast and loose with how they store your data. Spamming you with offers of nude pics of Britney Spears and herbal viagra. That kind of thing. While that made a whole bunch of 40-something guys very happy, everyone else was pretty fed up. Well, the EU - who really don't like Britney Spears or herbal viagra - did something to stop all these unwanted emails. That 'thing' was the snappily titled, General Data Protection Regulation, a.k.a. GDPR or to give its sexy European Union regulation number - 2016/679. The regulation strengthens data protection laws and rights for EU citizens by forcing companies to be more transparent about what they do with your data. In English, it means companies need to be more mindful about how they collect and use your data.
When did GDPR take effect?
Why does this affect me?
GDPR applies to anyone who holds or processes the data of an EU citizen. GDPR applies regardless of whether you are based in the EU or a third country and enhances the data rights of all EU citizens. If you're having trouble sleeping, you can read more information on the EU's website.
Futrli as a controller and a processor
Ok, technical jargon time. For the purposes of GDPR, Futrli is designated as a controller and a processor (sounds very Blade Runner, we know).
Data controllers are companies that decide how personal data is collected, used or tracked from EU citizens. If you're an accountancy client, you are likely a controller for the data you collect and use on Futrli. Futrli also acts as a controller when collecting and using your personal information.
Data processors are companies that process data on behalf of data controllers. Again, if you're an accountancy client, as you will most likely be processing information for your clients, it is possible that Futrli is also a data processor for these types of data activities. As a customer data platform, Futrli is considered a data processor.
We will be ready for the GDPR as both a data controller and when acting as a data processor on your behalf.
How is Futrli complying with GDPR?
We believe GDPR is a great thing for businesses and consumers, and we've done a lot to take our role as a data controller and processor seriously.
We have nominated a Data Protection Officer (DPO) who is responsible for GDPR compliance within Futrli. You can talk to them here.
We ensure any vendors or third-party companies we use are also GDPR compliant.
We ensure we are compliant with international security standards (ISO 27001).
We train all staff on the requirements of GDPR and data privacy procedures.
What is an adequacy decision?
An adequacy decision allows for data to flow from an EU country to a third country on the basis that the data protection regulation in that third country is sufficiently adequate to safeguard the rights of an EU data subject. Once the EU Commission has determined that a country has sufficiently adequate data protection laws in place, transfers may occur between the EU and the third country as if the country was an EU member state.
What is the EU-US Privacy Shield?
We so wish this was a new Marvel franchise, but sadly it's not. The EU-US Privacy Shield is a framework that allows for data transfers from the EU to the US whilst protecting the rights of EU data subjects. This framework ensures that you, as an EU subject currently, keep your fundamental data protection rights when your data is transferred to the US. Basically, it ensures the companies in the US who receive data from the EU comply with strong data protection requirements.
Where is my data stored?
If you are a British or EU citizen and have informed us as such, your personal data will be stored, processed or transferred to/on servers based in the European Economic Area ("EEA"), on servers based in countries which comply with the European Commission's adequacy decisions or in the US in accordance with the EU-US Privacy Shield. This ensures your data is protected within the regulation.
If you are not a British or EU citizen and have informed us as such, your personal data will be stored, processed or transferred to/on servers based in Australia, on servers based in the European Economic Area ("EEA"), on servers based in countries which comply with the European Commission's adequacy decisions or in the US in accordance with the EU-US Privacy Shield. (No, that's not an echo. We handle your data using the same high standards, even if you're not a British or EU Citizen.)
When using third party providers to support the services we provide to you, we ensure that any third party is fully compliant with the GDPR as required by law.
How do I make a query about my or my client's data?
If you have any queries regarding any of your or your client's personal data, you can contact us at firstname.lastname@example.org with your request. We will respond within 30 days of us receiving your message.
Is Futrli GDPR compliant?
Futrli is fully GDPR compliant. We've got a badge and everything. Or we would have... if there was a badge. There should totally be a badge for this.
Are you registered with a Data Protection Authority?
Yes, we're registered with the Information Commissioner's Office in the United Kingdom under the company name HAMY LTD.
Any other questions?
If you have any further questions, feel free to contact our Data Protection Officer at Futrli. You can email them at email@example.com.