At Fusion GBS, we take our obligations to keep data safe very seriously. Both the privacy and security of personal data are a key factors in our GDPR compliance. This means we follow and meet the requirements of the UK Data Protection Act 2018 (UK-DPA) and the EU-GDPR. To validate this approach, all our locations are certified to ISO 27701:2019 (Privacy Management) to ensure all our data is handled appropriately.
We recognise that data subjects have specific rights under Section 45 of the UK Data Protection Act 2018 and Articles 15-21 of the EU GDPR. As part of our ISO 27701 compliance, we have processes in place to support these rights and are ready to react and respond to any users who wish to action these rights either with us directly or through a third party.
Data Processing is a key part of our GDPR compliance. Fusion GBS acts both as a controller and a processor, and in some cases as a sub-processor. We regularly and routinely conduct Data Processing Agreements (DPAs) and Data Processing Impact Assessments (DPIAs) as part of engagements with customers and suppliers, and key stakeholders assess processing risks in line with our Technical and Organisational Measures (TOMs).
Data Import and Export
Whether data is in transit or at rest, data transfers require both technical and legal protections when crossing international boundaries. When exporting data (either as a controller or a processor), Fusion GBS makes appropriate arrangements that include Transfer Impact Assessments (TIAs), International Data Transfer Agreements (IDTAs), and UK and EU Standard Contractual Clauses (SCCs) both as a controller and a processor.