What exactly is the GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.

Does GPS have a plan in place to be compliant with the GDPR by May 25, 2018?

GPS understands and respects the privacy of personal information. Confidentiality and security of information are extremely important to us. GPS has a GDPR compliance plan in place to meet the May 25th deadline.

How has GPS prepared for the GDPR?

Recognizing the impact of GDPR, GPS identified a team of executives to lead its GDPR compliance efforts and worked with a consulting firm. GPS closely reviewed GDPR (including regulator interpretations) as well as its existing common control framework to identify changes or improvements in GPS’ data protection program.

How much personal data does GPS use/store?

GPS only stores data that is required for normal operation of our platform. No personal data is stored besides private names and emails for login, trade notifications and support. Payment details are stored at our client’s request. This data is limited to the details needed to execute the delivery of payment on behalf of our client.

GPS’ marketing department does store email addresses to send out its Overnight Market Summary. This summary contains information regarding the foreign currency markets and is not used for solicitation. Our consent process for these emails is fully compliant with GDPR and all marketing emails have a clear unsubscribe link. Customers wishing for all marketing contact details to be modified, reviewed or deleted should email [email protected].

May I opt out of GPS communications?

Yes. We retain minimal basic user information to communicate with our customers regarding their transactions. However, GPS users may opt out of communications by contacting GPS at [email protected].

Where does GPS host customer data?

GPS-hosted instances are hosted in the Microsoft Azure cloud. By default, GPS hosts in the US West region with geo redundancy in other regions. All data hosted with GPS is encrypted and behind a firewall.

Has GPS evaluated its security policies, management, and controls to meet GDPR?

Yes. Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected.

What protection does GPS have against data breaches?

Security is a top priority for GPS. As such, we employ numerous security measures to ensure that GPS is completely secure.

What security certifications does GPS have?

Annually, GPS undergoes an examination of its corporate foreign exchange services and systems and of the suitability of the design and operating effectiveness of its controls. The examination is performed in compliance with the American Institute of Certified Public Accountants (AICPA) and the Service Organization Control Standards (SOC1 SSAE 18 Type II audit).

Does GPS comply with data protection by design and by default principles in the design and development of its services?

GPS Development and Management teams collaborate with our Compliance privacy leads to assess and mitigate potential privacy risks during the various phases of product development starting from concept, through requirements gathering, and throughout implementation. The collaboration typically includes regular meetings where the teams collaborate on developing products/services that meet and/or exceed applicable data privacy requirements.

Does GPS conduct Privacy Impact Assessments to identify and minimize the privacy risks of new projects?

GPS’ privacy professionals assess a variety of activities involving personal data for risk and frequently make recommendations for how to reduce any risks identified. Under GDPR, when these assessments identify a high risk, GPS will conduct full data protection impact assessments.

How long does GPS retain customer data? Will GPS delete customer data when requested?

GPS keeps a permanent record of all transactions, including the user name of those conducting the transaction. If a client wishes to have a username and email removed from the system, they can do so by contacting [email protected].