FIDI NEWS HOW TO RETAIN CUSTOMER DATA FIDI requires that your intercontinental move files meet the strict FAIM requirements. These files contain your customers personal data that could be subject to the European General Data Protection Regulation (GDPR). John Prooij, FIDI Manager Quality and Risk, shares some options on how to properly retain this data T JOHN PROOIJ, FIDI MANAGER QUALITY AND RISK WW W. F I D I. O R G FF290 pp24-27 FAIM.GDPR.indd 25 he General Data Protection Regulation (GDPR) is widely regarded as the most important change in data privacy regulation to be implemented in many years. It lays down new rules to protect peoples personal data and regulates how that personal data can be shared. It is important you ensure your company is compliant with this new law, and consider how it can work in tandem with the FIDI FAIM Intercontinental Move Files Check (move files). The validity of your company FAIM certification lasts for three years. This means that, during the FAIM onsite audit, the independent auditor has to go back through three years of data to ensure a thorough assessment of your move files is made. Your company may also be required to forward evidence to the FAIM Coordination Centre (FCC) to demonstrate compliance with FAIM quality requirements before and after your onsite audit takes place. The FCC has strict data protection procedures of its own to follow and a separate data protection agreement with independent auditor EY, to make sure all data is protected and aligned with GDPR requirements. Furthermore, EY needs to comply with the International Standards for the Professional Practice of Internal Auditing and the code of ethics issued by the Institute of Internal Auditors. Each member firm is individually responsible towards its clients and is required to adopt and abide by these global policies and procedures. HOW TO ENSURE GDPR COMPLIANCE IN YOUR COMPANY It is a GDPR requirement that your company supplies appropriate information on your data-processing activities and is transparent in how you use, and with whom you share, personal data related to your customers. Furthermore, the new regulation says that companies must not keep their customers information longer than necessary. But what does this really entail? 25 13/03/2019 12:44