Today, outsourcing is without a doubt one of the key components of a successful company.
We Are Fiber follows the GDPR procedures to protect customer data
On May 24, 2016, the General Data Protection Regulation (GDPR) or The Regulation (EU) 2016 / 679 was introduced. The GDPR provided a new approach to privacy, outlining a united data processing protection law. This was in response to the unique challenges arising from technological evolution and globalization.
The legislation contained in EU Regulation 2016/679 aims to protect the confidentiality of personal data, preventing the potential damage and harm caused to fundamental freedoms and personal dignity through its incorrect use.
This legislation is particularly relevant for any company that processes a plethora of personal data daily, most of the time concerning the identification and payment information of customers and employees.
Fiber Group offers your company a reliable partnership where all your privacy requirements are ensured according to the ever-adapting privacy context.
How to protect personal privacy data?
The data processed by Fiber Group is indispensable for the provision and management of services. It can be used by staff, ensuring compliance with professional and organizational protocols and ensuring the rights of all interested parties (articles 12 to 22 of the GDPR). Following the provisions of the GDPR, Fiber Group ensures your business operates on the principles of legitimacy, correctness, lawfulness, essentiality, and relevance, and prudence concerning the data collected.
One of the most significant innovations of the Regulation is the introduction of the principle of accountability, which assigns data controllers to prove compliance with the principles applicable to the processing of personal data.
To implement the principles above, Fiber Group, protects data from the design stage, through the preparation of adequate technical and organizational measures (By Design), to guarantee, only necessary data for specific purposes is processed (By Default).
Fiber Group Sh.pk takes the rigorous certification path
Thanks to the rigorous approach to privacy, security, and compliance provided by the GDPR, Fiber Group Sh.pk has an extensive compliance portfolio in the sector.
After a period of document implementation in compliance with the rules of the GDPR 679/2016, Fiber Group Sh.pk went through internal first-party audits. Second-party audits, performed by their commercial partners followed, and finally they went through an independently-requested third-party review, performed by a certifying body. Through this rigorous process, Fiber Group Sh.pk was issued a certification of its compliance with the GDPR 679/2016.
Furthermore, in full compliance with the requirements for the assessment and treatment of information security risks, Fiber Group has also obtained the ISO / IEC 27001 certification.
Staff training and awareness
The company organizes various training opportunities around the topic of security data, including courses for employees, ensuring that personnel with specific security responsibilities and privileged access to corporate security systems are adequately trained and qualified. It is essential to ensure that staff and suppliers are respectfully aware of their responsibilities regarding data security.
We know the position of the Data Protection Officer
Regulation (EU) 2016/679 introduces the figure of the Data Protection Officer (Responsible for data protection); Fiber Group has designated the data protection officer, whose tasks are indicated in a timely manner in the GDPR in Article 39. These tasks are essentially three: to inform, monitor and cooperate.
The Regulation establishes the need to appoint the Data Processing Manager (RTD), that is the person or body that processes personal data on behalf of the data controller. For these reasons, the designation of the DPO was essential for Fiber Group, which pays maximum attention to the processing of personal data.
The DPO has the task of informing and providing advice to the owner or manager of the intervention and to the employees who carry it out. They must also monitor compliance with the effective protection and storage of data according to the regulation, as well as the responsibility and training of the personnel responsible for the processing.
If requested, they are consulted to provide an opinion on the impact assessment on data protection, as established by art. 35. Finally, they must actively cooperate with the supervisory authorities, representing a point of reference in all matters related to processing.