
GDPR – How do we comply?
Understanding GDPR
The European Union General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, replacing the Data Protection Directive 95/46/EC. GDPR aims to harmonise data privacy laws across Europe, safeguard the personal data of EU citizens, and reshape how organisations, like FXellence, manage data privacy. By strengthening data protection measures, GDPR empowers individuals with greater control over their personal information.
Scope of GDPR
GDPR applies to the processing of personal data by controllers and processors within the EU, regardless of whether the processing itself occurs within EU borders. Additionally, GDPR extends its reach to organisations outside the EU that process personal data of individuals located in the EU, especially when offering goods or services to EU citizens or monitoring their behaviour. This broad scope ensures comprehensive data protection for EU residents, no matter where their data is processed.
Privacy by Design
Privacy by Design is a foundational principle of GDPR, advocating for the integration of data protection measures from the earliest stages of system design, rather than as an afterthought. At FXellence, we implement appropriate technical and organisational measures to meet GDPR requirements and protect the rights of data subjects. We practise data minimisation by holding and processing only the data necessary for our services and restricting access to personal data to those with a legitimate need.
Strengthening Consent
The conditions for obtaining consent under GDPR have been significantly enhanced. At FXellence, we ensure that requests for consent are presented clearly, intelligibly, and accessibly, with the purpose of data processing explicitly stated. Consent is kept separate from other matters and written in plain language, and it is as easy for individuals to withdraw consent as it is to give it. Our redesigned consent process prioritises clarity and user-friendliness to ensure our users are well-informed.
Right to Access
GDPR grants data subjects expanded rights, including the right to access their personal data. At FXellence, we ensure that data subjects can request confirmation about whether their personal data is being processed, where, and for what purpose. We provide a copy of the personal data, free of charge, in an electronic format.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten empowers data subjects to request the deletion of their personal data. At FXellence, we evaluate these requests and ensure that personal data is deleted when it is no longer needed for its original processing purpose or when consent has been withdrawn. We consider the public interest in data availability when handling these requests.
Data Storage Duration
We are committed to minimising data retention periods and only storing personal data for as long as necessary to fulfil its purpose. To ensure compliance, FXellence's Privacy Officer conducts quarterly internal reviews of data storage periods. This proactive approach helps us maintain efficient data management practices.
Data Storage
At FXellence, we have partnered with reputable IT suppliers to host our platform. We establish written agreements with these suppliers to guarantee data protection rights are upheld.
Maintaining GDPR Compliance
FXellence's Information Security Officer is responsible for overseeing our data protection practices. The Information Security Officer ensures our organisation complies with all applicable regulations. We conduct quarterly internal privacy reviews to assess the processing of personal data, identify potential risks, and implement necessary measures to mitigate these risks.
Breach Notification
Under GDPR, breach notifications are mandatory in all member states if a data breach poses a risk to individuals' rights and freedoms. At FXellence, should a data breach occur, we will notify affected individuals and relevant supervisory authorities within 72 hours, ensuring prompt and transparent communication.