GPI Back Office. A system designed and built with privacy at its core.
The GPI Back Office System is powered by Back Office Solutions Ltd (BOSL). BOSL is an Isle of Man based company. BOSL act as the Data Processor for as defined by the EU General Data Protection Rules.(EU GDPR)
EU GDPR Overview
European Union General Data Protection Rule compliance (GDPR) is required by any organisation that either does business in the EU or collects, processes and stores personal information of EU citizens. The Rules became enforceable from May 2018 and they are more stringent than preceding legislation. Compliance is compulsory so each member state does not have to ratify them into its own law.
The EU GDPR are not that prescriptive in terms of the technology controls required, rather stating that appropriate organisational and technological controls must be in place to protect sensitive data. Encryption is of course essential but organisations must understand their business operations and their data movement to best determine which controls, either technical or procedural can deliver the most effective method for ensuring DPR compliance.
Data Processers and Data Controllers
The Rules also introduce the concept of Data Processers and Data Controllers. A Data Processer is the designer and owner of the software. Back Office Solutions Ltd (BOSL) is by definition, a Data Processor. The responsibility of BOSL is to ensure that the technical controls are in place such as encryption, firewalls, password masking etc.The Data Controllers are the individual users within our client companies. It is important that each user understands their responsibilites under the rules to keep client data safe and then act accordingly when using the systems.
Data Protection Officers (DPO)
We have appointed Sophy Blakemore as our DPO for monitoring compliance with the EU GDPR and other data protection laws that may apply to us.
Privacy by Design
The Rules introduce the concept of Privacy by Design, which requires that all strategies and controls put in place for ensuring compliance must take the need for data privacy as the core, to shield them from damaging data breaches and possible sanctions. With this in mind and whilst not an exhaustive list BBO has the following controls in place.
Email Address Verification
All our users have a unique username i.e the email address itself.
User Set Passwords
Passwords set by the users themselves using registration forms rather than old practices such as being given passwords to change in their profile after login.
We use 256 bit technology to ensure that passwords cannot be hacked and aggressive firewalls to filter unusual activity.
To ensure that people use strong words with unusual combinations. Follow up verification using the memorable word with random combination digits or captures to protect against internet hacking attempts by robots. If a password is forgotten it can only be reset using secure methods and email verification.
Managed Servicement Agreements
All our client companies have to sign an agreement to assure us that they understand their obligations and responsibilities under the EU GDPR. We also recommend that our client companies do tghe same with their users.
A Breach Register
To record any diagnosed misuse by registered users.
Back Office Solutions Ltd 1 Myrtle Street Douglas Isle of Man IM1 1ED British Isles