The General Data Protection Regulation (GDPR) becomes effective from May 25, 2018. These regulations are designed to provide privacy and protect the personal data of all EU residents.
Individuals now have a greater say over how their personal data is collected, used, stored and disposed of – and all businesses have a legal responsibility to ensure they comply. This applies to all organisations, irrespective of location, even beyond the borders of the EU, when working with EU residents’ personal data in any manner.
Artesian started work on GDPR early in 2017, and committed to compliance well before the May 2018 deadline. With communication and data at the heart of our business, we have made changes across our organisation, and dedicated resource to ensure that this is an ongoing commitment.
Artesian’s Compliance with the GDPR
Artesian provides a variety of data to help companies engage with their prospects and customers. Most of this is non-personal company information, data and insights, which do not fall under the GDPR. As a result, the core functionality of the Artesian service will not be impacted.
However, there is some personal data which is provided to Artesian by external data providers. As both a controller of this data, and a processor of our customers’ data, and to ensure we are fully compliant with the GDPR across all aspects of our organisation, we have:
- Updated our Terms of Service and Privacy Policies to reflect Artesian’s role as a processor of our customers personal data.
- Completed a full internal audit, across the organisation, looking at our product, suppliers, partners and internal processes.
- Completed a gap analysis and implemented the necessary changes; including ensuring our suppliers and partners are all also compliant with the GDPR.
- Implemented new and/or improved processes to ensure our ongoing compliance, including, but not restricted to, reporting errors in data, data subject access requests and the right to erasure.
- Made public information on the ongoing use of Artesian to contact new prospects and existing customers, post May 25, 2018
- Confirmed our data providers have each run their own audits, and have confirmed GDPR compliance, including ensuring they have appropriate lawful basis for processing the data.
We have taken all steps to ensure that we comply with the GDPR and are dedicated to ensuring that this is an ongoing commitment in both our data processes and the way we communicate, as a business.