The General Data Protection Regulation (GDPR) became effective on May 25, 2018. These regulations are designed to provide privacy and protect the personal data of all EU residents.
Individuals now have a greater say over how their personal data is collected, used, stored and disposed of – and all businesses have a legal responsibility to ensure they comply. This applies to all organisations, irrespective of location, even beyond the borders of the EU, when working with EU residents’ personal data in any manner.
Artesian already met data-protection standards set out in the Data Protection Act 1998, and we have also taken a keen interest in the GDPR. With communication and data at the heart of our business, we committed to compliance as early as possible, and with the full support of our Board and our Senior Leadership Team. We have also dedicated resources to ensure that this is an ongoing commitment for our business.
Artesian’s Compliance with the GDPR
Artesian provides a variety of data to help companies engage with their prospects and customers. Most of this is non-personal company information, data and insights, which do not fall under the GDPR. As a result, the core functionality of the Artesian service will not be impacted.
However, there is some personal data which is provided to Artesian by external data providers. As both a controller of this data, and a processor of our customers’ data, and to ensure we are fully compliant with the GDPR across all aspects of our organisation, we have:
- Updated our Terms of Service and Privacy Policies to reflect Artesian’s role as a processor of our customers personal data.
- Completed a full internal audit, across the organisation, looking at our product, suppliers, partners and internal processes.
- Completed a gap analysis and implemented the necessary changes; including ensuring our suppliers and partners are all also compliant with the GDPR.
- Implemented new and/or improved processes to ensure our ongoing compliance, including, but not restricted to, reporting errors in data, data subject access requests and the right to erasure.
- Made public information on the ongoing use of Artesian to contact new prospects and existing customers – available here.
- Confirmed our data providers have each run their own audits, and have confirmed GDPR compliance, including ensuring they have appropriate lawful basis for processing the data.
We have taken all steps to ensure that we comply with the GDPR and are dedicated to ensuring that this is an ongoing commitment in both our data processes and the way we communicate, as a business.
If you have any questions, please do not hesitate to get in touch with your account manager or via firstname.lastname@example.org.
This statement can be downloaded via this link: Artesian_GDPR_Statement.