EU GDPR Overview
Compliance with the European Union General Data Protection Regulation (GDPR) is required of any organisation
that either does business in the EU or collects, processes or stores the personal data of individuals in the EU.
The Regulation became enforceable on 25 May 2018, when the UK was still in the EU, and it is more stringent than
the Data Protection Directive it replaced. Because it is a regulation rather than a directive, it applied directly
in every member state without having to be transposed into national law. Since Brexit, the UK has retained it in
domestic law as the UK GDPR.
The GDPR is not prescriptive about the technical controls required; it states that appropriate technical and
organisational measures must be in place to protect personal data.
Encryption is an important measure, but organisations must understand their business operations and their data
flows to determine which controls, technical or procedural, deliver the most effective route to GDPR compliance.
Data Processors and Data Controllers
The Regulation also defines the roles of Data Controller and Data Processor. A Data Controller decides why and how
personal data is processed; a Data Processor processes personal data on the controller's behalf and under its
instructions. Back Office Solutions Ltd (BOSL), which designs and owns the software and processes client data on
its clients' behalf, is by definition a Data Processor. BOSL's responsibility is to ensure that the technical
controls are in place, such as encryption, firewalls and password masking.
Our client companies are the Data Controllers, and the individual users within them act on the controller's behalf.
It is important that each user understands their responsibilities under the Regulation to keep client data safe and
acts accordingly when using the systems.
Data Protection Officer (DPO)
We have appointed Mr Anthony Preece as our DPO, responsible for monitoring compliance with the EU GDPR and any
other data protection laws that apply to Broker Back Office.
Privacy by Design
The Regulation introduces the concept of Privacy by Design (data protection by design and by default), which
requires that data privacy be built into every strategy and control from the outset, shielding personal data from
damaging breaches and the organisation from sanctions. With this in mind, and although the list is not exhaustive,
BBO has the following controls in place.
Email Address Verification
Every user has a unique username: the user's own email address, which is verified at registration.
User Set Passwords
Passwords are set by the users themselves on the registration form, rather than the old practice of issuing a
password that the user is expected to change in their profile after logging in.
Password Encryption
Stored passwords are protected with 256-bit cryptography, and aggressive firewall rules filter unusual activity.
No control can guarantee that a password cannot be compromised, so this is combined with the strength rules,
follow-up verification and secure reset process described below.
Password Masking
Passwords are masked on entry, and strength rules require long passwords with unusual character combinations.
Follow-up verification asks for a random selection of characters from the user's memorable word, and CAPTCHAs
protect against automated login attempts by bots. A forgotten password can only be reset through the secure reset
process, which includes email verification.
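The two controls above, password storage and the memorable-word challenge, are easier to evaluate with working code. The following is an added example, not Back Office Solutions' own code: it stores a password as a salted, deliberately slow one-way digest (PBKDF2-HMAC-SHA256, whose 256-bit output is where a "256 bit" figure legitimately comes from), verifies it in constant time, and issues and checks a random-position challenge on a memorable word. The storage format, iteration count, function names and the sample user record are assumptions made for this example.

```python
"""Added example (not Back Office Solutions' own code): how to store a
password so that it cannot be recovered even if the database leaks, and how
to run a partial memorable-word challenge.  Storage format, iteration count
and function names are assumptions made for this example."""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000        # OWASP's 2023 minimum for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
CHALLENGE_CHARS = 3         # how many memorable-word characters are asked for


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    The password itself is never stored, only a salted one-way digest that
    is slow to compute.  The digest is 256 bits long, but that is an output
    size, not a guarantee: the defence against guessing is the per-user salt
    (no shared rainbow table) and the iteration count (each guess is costly).
    """
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time so timing does not leak how many bytes matched."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def memorable_challenge(word_length: int, rng=None) -> list[int]:
    """Choose CHALLENGE_CHARS distinct 1-based positions of the memorable word.

    A CSPRNG is used so that someone who shoulder-surfed one login cannot
    predict which characters the next login will ask for.
    """
    if word_length < CHALLENGE_CHARS:
        raise ValueError("memorable word too short for the challenge")
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(1, word_length + 1), CHALLENGE_CHARS))


def check_memorable(word: str, positions: list[int], answers: str) -> bool:
    """Check the characters supplied for the challenged positions (case-insensitive).

    Caveat: to check only some characters the server must hold the whole
    memorable word, so unlike the password it cannot be stored as a one-way
    hash; it has to be encrypted at rest (assumed here, not shown), which
    makes it a weaker secret than the password.
    """
    if len(answers) != len(positions) or any(p < 1 or p > len(word) for p in positions):
        return False
    expected = "".join(word[p - 1] for p in positions)
    return hmac.compare_digest(expected.lower().encode("utf-8"), answers.lower().encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample user record: password hashed, memorable word held encrypted (not shown).
    record = {"user": "anna@example.com",
              "password": hash_password("correct horse battery staple"),
              "memorable": "Blackpool"}
    assert verify_password("correct horse battery staple", record["password"])
    assert not verify_password("Correct Horse Battery Staple", record["password"])
    positions = memorable_challenge(len(record["memorable"]))
    answers = "".join(record["memorable"][p - 1] for p in positions)   # what the user would type
    print("challenge positions:", positions, "->", check_memorable(record["memorable"], positions, answers))
```

The design point worth taking from this is the asymmetry between the two secrets: the password is checked against a one-way digest and never has to exist on the server, whereas a partial-character challenge forces the server to keep the whole memorable word recoverable. That makes the memorable word a useful check against replayed credentials but not a substitute for a strong password, and it should be rate-limited and locked out after repeated failures just as the password is.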
Managed Service Agreements
All our client companies must sign an agreement confirming that they understand their obligations and
responsibilities under the EU GDPR; the Regulation requires a written contract between a controller and its
processor setting out the processing carried out. We recommend that our client companies do the same with their users.
A Breach Register
To record any diagnosed misuse by registered users. Under the GDPR any personal data breach must also be documented;
a processor must notify the controller without undue delay, and the controller must notify the supervisory authority
within 72 hours of becoming aware of the breach unless it is unlikely to pose a risk to individuals.