Compliance & Ethics
GFT’s Compliance Management System ensures adherence to legal requirements, ethical standards, and internationally recognised labor and social norms, as set out in our global Code of Ethics and Code of Conduct. We respect employees’ rights to freedom of association and collective bargaining, and where restricted by law, support alternative forms of representation. The Compliance Office oversees implementation, training, and reporting channels. More information is available on our Compliance page.
Environmental protection
As a reliable provider of technology solutions, we understand our environmental accountability and its importance. We strive to increase our operational efficiency including energy consumption, raise the share of renewable energy, and adopt more sustainable procurement practices. The basis for environmental and climate protection is set out in our Group Environmental Policy, which is binding for all employees of all Group companies.
Cybersecurity and Resilience
Our cybersecurity & resilience strategy aims to protect the company, its people, and its tangible and intangible assets, while ensuring business continuity.
Our information security management system (ISMS) is certified to ISO/IEC 27001 for exemplary areas and ensures consistent security policies across all entities.. Our German subsidiary is also TISAX certified for the automotive industry.
All employees are responsible for data security and complete annual mandatory training. Our Global Information Security Operations Centre (GISOC) monitors systems 24/7, supported by a zero trust network model. GFT’s resilient business model includes distributed delivery processes, cloud-based applications, and a hybrid working model, ensuring business continuity and security.
Data protection & privacy
Our data protection framework is built on respect for human rights and legislation, fostering trust in digital transformation for our clients, partners, and employees.
The Data Protection Team, led by the Chief Privacy Officer (CPO), ensures data protection is integrated into all operations. In 2023, our CPO received the IAPP Vanguard Award EMEA for exceptional leadership in privacy.
Our policies and guidelines ensure a high level of data protection across all GFT operations, even in countries without robust data protection laws. We provide mandatory and optional training programmes to ensure all employees understand and comply with data protection standards. Our GFT Group Data Sharing Agreement is a unified approach to safely share personal data within the Group.
A global incident handling process is in place for quick response to any data breaches, protecting individuals’ rights and preventing significant damage. Our Data Protection by Design approach integrates data protection into IT systems from the start, with ongoing campaigns to train Privacy Engineers and improve data protection considerations in software development.
We are committed to Responsible AI. Since 2020, GFT Group Data Protection have issued guidelines on AI and Machine Learning, and pseudonymisation, which was derived from the ACM Statement on Algorithmic Transparency and Accountability. In 2023, we launched a taskforce to develop guidelines for using AI tools like ChatGPT, ensuring safe, effective use and compliance with regulations. In 2024, a section on responsible AI was added to the GFT Group Data Protection Policy and a GFT Group Data Protection Guideline for Responsible AI was issued. GFT has committed to the pledges of the AI PACT.
