GraphAware may from time to time during client engagements be asked to legitimately process client data that includes data that can identify individuals ("personal data"). The General Data Protection Regulation (GDPR) governs the processing of personal data and applies to both electronic systems storing and holding personal data as well as manual filing systems where personal data is accessible.
GraphAware places the highest priority on protecting and managing data, especially that of its clients and employees and has policies in place that have been updated and reviewed to ensure the requirements of GDPR are addressed so that:
Regarding the processing of client data that may contain personal data, GraphAware will in accordance with GDPR requirements:
Finally, GraphAware requires all its consultants and employees to use strong passwords that are changed periodically, and that all electronic systems and devices operated by ourselves, our consultants and employees are fully secured in line with industry best practice, including but not limited to:
GraphAware does not have a dedicated Data Privacy Officer but the Head of Operations will be responsible for the day to day compliance with GDPR and its requirements under Articles 38 and 39, with the support of our legal advisors.
Should you have any further questions regarding this GDPR statement then please contact [email protected]