MyFirmsApp’s response to GDPR

Terms  

MFA is MyFirmsApp
Client is our paying customer
End user is the user of our client’s App under license from MFA

Introduction

The General Data Protection Regulation (GDPR) is the result of many years’ work by the European Union to unify and strengthen data protection for all EU citizens. As taking care of your and your customers’ privacy is our number one priority, we are glad to report that MyFirmsApp is working towards full GDPR compliance and has already developed the App to help our customers collect data in a compliant manner.

Working towards full GDPR compliance: what does it mean?

GDPR regulates the processing of personal data in the European Union (its collection, storage, transfer or use). Under the GDPR, the concept of “personal data” is broad and covers any person-related information that can be used to identify them.

The important thing is that GDPR applies to every organization that processes the personal data of EU citizens, even if it’s located outside of the EU. This means that GDPR gives you more control over how your data is used.

We have updated our Terms and Conditions and Privacy Policy documents. They are now more customer-friendly and they address the data regulations introduced by the GDPR, so don’t hesitate to check them all out!

Presently we are concluding one or two final system changes and working with leading lawyers to complete our GDPR compliance, along with an internal audit.

General Data Protection Regulation: two-way agreement

We are dedicated to helping our customers become GDPR compliant as well and have worked on providing a data collection mechanism in the App that is compliant. We have written a guide to GDPR compliance that will help you better process and control your client data – available here.

There’s one more thing: as we know how important this topic is, don’t hesitate to email us at [email protected] – we will be more than happy to provide you with any additional information that you may require!

How is the personal data you hold, or have access to, arising out of the service you provide to clients handled or otherwise processed?

Data obtained in the App we supply

This has been carefully designed to be collected and held in compliance with GDPR and we use confirmed, explicit consent only within the App when collecting data on your behalf.

Prospect Data

MyFirmsApp holds the data of potential customers or prospects, and is processing this data on the basis of implied intent given that legitimate interest was requested at the point of signing up.

Customer Data

MyFirmsApp holds the data of current clients on the basis that this is necessary for product and service delivery.

Has MFA completed data mapping and do we know the details of how and where personal data relating to the service we provide is stored?

Yes, MyFirmsApp has completed a data mapping process and we do know the details required.

Does MFA test their systems?

We regularly assess our security procedures across our product range, on both externally and internally facing systems. This involves penetration and vulnerability tests at major change points / intervals. We operate within the shared responsibility model with our partner Amazon Web Services, whose experienced team are also responsible for ensuring their network and infrastructure is absolutely secure – and, as they are trusted by giants in the tech industry, you can imagine this is something they don’t take lightly.

In addition to tests / audits, all data is securely encrypted in transit and key architectural security practices are implemented.

Does any of the personal data, relating to the services we provide clients, get transferred outside of the UK?

All data we store is held in AWS-controlled data centres in Ireland.

You can read more about AWS GDPR capabilities and responses here – https://aws.amazon.com/compliance/gdpr-center/

You can read more about the AWS shared responsibility model here – https://aws.amazon.com/compliance/shared-responsibility-model/

What has MFA done with items older than the destruction period? 

We can confirm that MFA has deleted and securely disposed of all items outside of the destruction period.

Data breach

MFA has a detailed procedure in place with rules on any personal data breach and clear lines of reporting. If the breach impacts an individual client, then we will contact that client to report that breach if required.

Contract clauses and applicable policies for employees  

Our contracts and policies for all staff have been reviewed and are compliant with GDPR and, where required, employees have received GDPR awareness training sessions.

When did MFA last undergo a GDPR audit?

MyFirmsApp has recently undergone (May 2018) a GDPR audit and is currently implementing the recommendations.