GDPR — General Data Protection Regulation

Arctic Intelligence’s GDPR statement

  1. What is GDPR?
  2. Who does GDPR affect?
  3. Why should I care?
  4. How is Arctic Intelligence GDPR compliant?
  5. Does GDPR affect me?
  6. It’s a good thing.

What is GDPR?

The General Data Protection Regulation (GDPR) is a wide-ranging European Union (EU) regulation designed to protect the privacy of individuals in the EU. It gives them control over how their personal data is processed, including how it’s collected, stored and used.

Who does the GDPR affect?

The GDPR affects every company in the world that processes personal data about people in the EU. The regulation applies to organisations located within the EU and organisations located outside the EU if they “offer goods or services to, or monitor the behaviour of, EU data subjects”.

The key points here are defining what constitutes personal data, and the business’s role as either a ‘processor’ or ‘controller’ of the data. Here are some definitions for those points:

Personal data: “Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”

Controller: “The entity that determines the purposes, conditions and means of the processing of personal data.”

Processor: “An entity that processes personal data on behalf of the controller.”

In Arctic Intelligence’s context, our platforms do not typically contain personal data on our customers and/or their users. However, depending on how our clients use our platforms, they may contain personal data, in which case Arctic Intelligence would act as a controller and processor.

Why should I care?

Aside from the risk of penalty (worst case, organisations can be fined up to four percent of annual global turnover or €20 million, whichever is higher, for breaching GDPR), GDPR gives control of personal data back to the people who own it. It makes data protection a core part of companies’ operations and processes. This is more likely to affect large, data-driven organisations first, but small businesses are not exempt.

How is Arctic Intelligence GDPR compliant?

Arctic Intelligence is an Australian company. We have staff, clients and partners in the United Kingdom/Europe. The GDPR has similarities with Australia’s Privacy Act 1988, so we already act with a ‘privacy by design’ approach. The GDPR goes further and we’ve made changes to comply. This means:

  • We proactively design our platforms around data privacy with comprehensive security on the Microsoft Azure cloud platform
  • We assess each data collection point for its necessity to the purpose of using our platforms
  • We’ve re-written all privacy policies to demonstrate that our collection and use of data is transparent
  • We have designed a process to execute the ‘right to be forgotten’, alongside data breach notification processes and company-wide training for all staff

Does GDPR affect me?

Probably. We’re not lawyers and can’t offer legal advice, but there’s a chance you will have some data somewhere for an EU citizen or resident, which means you need to be compliant. We recommend you contact your own legal counsel to find out how GDPR affects you.

It’s a good thing

The GDPR is a good thing. It’s designed to give all of us more control over the data companies collect about us: finding out what that data is (right to access), getting a response when asking for it to be removed or updated (right to rectification), stopping certain data from being used (right to object), and having the data deleted (right to be forgotten).

You can find more about the type of personal information we collect in our privacy policy.

Read the full text of the General Data Protection Regulation.