Schedule a Call

Priority focus on data privacy and security for you and your mobile employees

As your mobile employees travel the world, they expect that their employer is taking steps to safeguard their personal and confidential information. As your global mobility tax provider, it is GTN's responsibility to ensure you can hold true to their expectations. We make it our priority to protect the personal data you and your mobile employees provide by following industry best practices and delivering transparent communications related to our data management policies.

travel-security1

Compliance

  • GTN is in compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We are on the authoritative DPF list that is maintained by the US Department of Commerce and is made available to the public on their website located here: https://www.dataprivacyframework.gov/s/participant-search.
  • We partner with VeraSafe, a well-established and respected organization to ensure we are up to date on global data security matters (e.g., General Data Protection Regulation (GDPR) readiness) and that our web-based tools are secure.
  • We complete an annual SOC 2 Type 2 audit, and the most recent audit report is available by contacting privacy@gtn.com.
  • We monitor updates to laws as well as guidance issued by authorities and subject matter experts to confirm our data processing activities are fully compliant with applicable privacy laws.
  • Periodic updates are made to our policies and agreements with third parties (e.g., we update our internal procedures and our Data Processing Addendums whenever necessary due to significant developments in data protection laws and regulations that apply to our business operations).

 

Security

  • To provide additional, high-level security, we have implemented Next Gen Firewall, Anti-Malware, and Intrusion Protection System tools; Multi-Factor Authentication, Encryption Solutions, and Email Management Security Services with advanced Spam and Virus protection capabilities including “Threat Emulation” and URL analysis.
  • Our third-party security consultant completes annual internal, external, and application-level vulnerability and penetration assessments. Our consultant also conducts external vulnerability scans monthly.
  • Randomized simulations to observe and educate on user security awareness pertaining to phishing, smishing, etc.
  • Required security training for company personnel.
  • Background checks for all employees and contractors with GTN.

 

Logging and Monitoring

  • SIEM tools are used to gather and report on events and logs providing a quick response to events that are outside normal operations.
  • Enhanced logging and auditing are used for accounts with advanced permissions.
  • User and Event logging enabled with our PaaS and Cloud services.
  • Access to data and data shares are logged, reviewed, and updated on a scheduled basis.

 

Policies and Procedures

  • Policies and Procedures are reviewed with the GTN Executive Team on a regular basis.
  • We have formal policies and procedures in place related to the following key areas:
    • Acceptable Use
    • Bring Your Own Device
    • Business Continuity (BC/DR)
    • Data Security
    • End User Security
    • Incident Response
    • Personal Data Standards
    • Risk Assessment
    • Shredding and Data Destruction
    • Technical Control
    • Vendor Management

Do you have questions about our privacy and security procedures?

CONTACT US

More information on Data Privacy and Security at GTN

STANDARD CONTRACTUAL CLAUSES - CONTROLLER TO CONTROLLER

STANDARD CONTRACTUAL CLAUSES - CONTROLLER TO PROCESSOR

GTN Subprocessors

Processor Services Data Processing Terms

Jurisdiction Specific Terms for GTN Clients

Jurisdiction Specific Terms for GTN Service Providers

For more information regarding GTN Privacy Polices click here.

Security