Shaking hands
Privacy by design icon

Privacy by Design & Default

Privacy by Design and Default underpin our practices and solutions. These core principles enable FTI Technology infrastructure teams to assume a proactive approach to data protection and integrates privacy into daily operations, technical workstreams, the Program Management Office and our client’s chosen technology platforms. Supported by our dedicated governance and privacy operations team, we incorporate the following Privacy by Design principles:

  1. Proactive not Reactive.
  2. Privacy as the Default Setting.
  3. Privacy Embedded in to the Design.
  4. Full Functionality.
  5. End-to-End Security.
  6. Visibility and Transparency.
  7. Respect for User Privacy.
Data residency icon

Data Residency

Depending on the scope, service offering and solution(s), clients can choose where their data is located among the numerous regions around the world in which FTI Technology provides services. FTI Technology’s data residency approach balances operational resilience while enabling compliance with various data sovereignty requirements and supporting delivery of the services best suited to each client's needs.

Regulation icon

Data Privacy Regulation

FTI Technology’s business processes and our clients’ engagements require that we fully understand and respect the rules and guidelines of applicable global data privacy legislation which govern the use of personal data. In order to arm our professionals with the tools and infrastructure needed to meet our clients’ requirements, while also upholding the privacy of our clients' data, we have architected services and solutions that align with privacy regulations specific to the country and service chosen by each client. For more in-depth information on how these services comply with regulations such as GDPR and additional information regarding data transfer impact assessments, please consult our privacy whitepaper here. We also encourage our clients to review our standard FTI Technology Data Protection Addendum (DPA), which also contain provisions to assist our clients' compliance with GDPR, US privacy laws and other data protection legislation. To learn more about FTI Technology's professional services, click here.

International transfers icon

International Data Transfers

FTI Technology provides services to clients spanning the globe. As such, client engagements and the services performed often extend across international borders and regulatory jurisdictions. Accordingly, prior to a client disclosing personal data to FTI Technology and depending on the scope of services provided, we will require that a DPA (or substantially similar agreement) is executed. This contractual agreement sets out the terms, organizational measures and controls surrounding how we process personal data controlled by our clients. Our GDPR compliant DPA's address various global regulatory directives which stipulate how personal data may be lawfully transferred and processed outside of the European Economic Area (EEA) using safeguards such as the EU-US Data Privacy Framework, UK Extension to the EU-U.S. DPF, Swiss-U.S. DPF, and the Standard Contractual Clauses (SCC’)s as defined in the EEA's latest adopted version. Further, FTI Technology protects personal data disclosed by the client by implementing appropriate technical and organizational measures (also referred to as TOM’s) to provide an adequate level of data security. To review our standard TOMS, click here.

Onward transfers icon

Onward Transfers - our Sub-Processors

We offer various service and delivery models that allow FTI Technology to support the needs of very complex, visible and at times, regulated engagements. Many of these solutions require the use of cloud service and storage providers, as well as other strategic Sub-Processors globally. Whenever FTI Technology services or solutions require use of one of our trusted Sub-Processors, we remain transparent and accountable to our client and data subjects. Clients always know who and where we transfer data to, how it is used, to what purpose and to what duration. Learn more: