GDPR – Regulation for processing personal data
GDPR stands for General Data Protection Regulation, which is the data protection regulation that all organisations handling personal data must comply with.
The organisation needs to, for example, comply with the basic principles, ensure that the processing has a legal basis, and inform registered persons about how their personal data is processed.
At Artisan Global Media, we regularly adapt our softwares and company policies to ensure compliance with GDPR.
How does Artisan Global Media work with GDPR?
We at Artisan Global Media prioritise compliance with the legislation. An essential part of this is that, since 2018, we have been information security certified according to ISO 27001. The certification means that our customers can be confident that our security work is at a high level and that we follow and fulfil the requirements of the GDPR. Our services and softwares have the necessary features to meet the requirements.
Data Processing Agreement for SaaS customers
All SaaS customers sign a Data Processing Agreement with Artisan Global Media. This agreement is based upon the Swedish IT and Telecom Industries standard agreement*:
- Cloud Services, General Terms and Conditions 2023
- Cloud services, Special Terms and Conditions Personal Data, with appendix.
We also sign Data Processing Agreements with customers who have Service Agreements for On-Prem installation in cases where this is desired because the customer decides to give Artisan access to the customer's installation for support, training, or consulting work.
Controllers and Processors of Personal Data
In managing personal data, there are two roles to be aware of:
Controller - A controller is responsible for managing personal data and determines the purposes and means of processing personal data. The controller ensures that the law is adhered to and shall inform the persons who's personal data is being managed. The controller also ensures that the Personal Data Processor complies with its obligations.
Personal Data Processor – manages the personal data on behalf of the Personal Data Responsible and is responsible for the technical and organisational security measures.
The SaaS customer is the controller of personal data, and Artisan Global Media, providing the software, is the personal data processor.
The customer's responsibilities as Controller of Personal Data
The customer is responsible for and manages all handling of Personal Data in the software. The customer is the controller of personal data and has this function towards its users/clients/respondents etc.
Artisan Global Media's responsibilities as Processor of Personal Data
By providing the Artologik software as a SaaS, Artisan becomes Personal Data Processor for SaaS customers. Artisan Global Media takes technical and organisational security measures to ensure customer safety regarding Personal Data being handled in a safe way and in appliance with the law.
GDPR guides to your Artologik Software
In the links below, you will find information about features that support you in working in accordance with the GDPR for each software.
*The IT and Telecom Industries refers to the Swedish IT and Telecom Industries - a member organisation for companies of all sizes within the entire IT and telecom sector in Sweden.