The General Data Protection Regulation (GDPR) is a new European Union (EU) law that gives residents greater protection and control of their personal data. GDPR will regulate the data that can be collected, stored and transferred for companies both in and outside of the EU.
When does GDPR come into place?
All companies that process EU resident data must be ready to comply when the GDPR enforcement starts on May 25, 2018.
As a company, Fox World Travel is committed to ensuring compliance with the GDPR by May 25, 2018. Fox World Travel has been consistent in its approach to data protection as part of our general product standards and this is now being extended to reflect new requirements of the GDPR.
Fox World Travel is committed, with its products and services, to enable its customers to implement the EU’s General Data Protection Regulation (GDPR) requirements. Existing product and services features are being enhanced to support customers in their GDPR compliance journey.
Fox will be the first company to receive Data Protection and Privacy certification based on GDPR by the British Standards Institute.
How can Fox World Travel help?
Fox World Travel solutions adhere to industry practices for global data privacy, security and data governance. We help you protect your data and optimize your travel, expense and invoice experience.
- Fox World Travel services are developed with customer data protection and security in mind aligning to both SAP and industry practices. Fox World Travel are committed to helping customers understand how our solutions protect the confidentiality, integrity and availability of their data by proactively publishing information such as certifications and attestations, data processing agreements and real-time cloud solution availability.
- Fox World Travel provides data centers in various regions around the world so customers can choose where their data is processed.
- Fox World Travel applies robust security measures by maintaining activity records, privacy by design checks, privacy impact assessments and new privacy rights within product cycles.
- Fox World Travel adheres to guidelines and training through the BS10012 certified Data Protection Management System (DPMS) to effectively manage data protection.
- Fox World Travel takes a global approach with its Data Processing Agreement (DPA) which incorporates the Standard Contractual Clauses (SCC), but goes beyond SCC in providing data protection assurances to customers.
Fox World Travel services have always been built on stringent data protection principles and standards. Below are some examples of how our services will aim to meet the key compliance requirements.
Transparency of data usage / access to information:
Personal data is available for reporting and export to the data subject or authorized employees, who require access to perform a relevant, critical business function. Any changes made to personal profile data are automatically tracked in Fox World Travel products – regardless of the channel used to make the change.
Right to be forgotten:
- Fox World Travel will introduce a feature in time for the GDPR that allows customers to purge personal data. Once an end-user is deactivated in the Fox World Travel solutions, customers can automatically remove personal profiles.
- Fox World Travel will also implement a feature in time for the GDPR in the Data Retention Administration portal so customers can remove all transactional and remaining data associated to a data subject from the system.
Data retention of customer data upon policy requirement:
- Fox World Travel allows customers to specify, based on policies, the length of time their data is going to be stored in our products.
- Customers can also create exceptions that block specific data subjects from being removed.
- The feature will also remove critical personal data user. Once an end user is deactivated, the new system will automatically expedite the remove associated specific personal data.
Restriction of processing (role based access to personal data):
Fox World Travel offers Role Based Permissions (RBP) to keep personal data secure in the travel, expense and invoice management products and through backend processes.
Change logging for personal data and sensitive personal data logging:
Fox World Travel enables logging of personal data changes and access logging for sensitive personal data.
Fox World Travel shares information notices with customers to reflect the updates in our travel, expense and invoice management services.