General Data Protection Regulation

Igloo & GDPR

If you’re thinking ahead to the European Union General Data Protection Regulation (GDPR), we are too. Igloo is committed to helping our customers comply with the upcoming legislature through our strong foundation of data governance and championing of privacy.

What is the GDPR, and why is it important?

The GDPR is a regulation put into place by the European Union (EU) as a replacement for the Data Protection Directive. The core purpose is to create a single regulation to safeguard EU citizens’ fundamental right to data protection. The GDPR is coming into effect at a time when consumer sentiments for greater data protection are growing.

A survey of over 7,500 consumers by RSA found:

73% of respondents are more aware of data breaches than five years ago.

54% are less likely to buy products or services from companies that mishandle data.

62% will blame a company that loses their data before blaming the hackers.

69% have boycotted, or would boycott, a company that disregards protecting customer data.

Failure to comply with the GDPR has significant financial repercussions; fines for minor infringements are the higher of €10M or 2% of revenue, and major infringements are the higher of €20M or 4% of revenue.

What identifying information is processed through Igloo?

As a data processor, Igloo may handle the following information:

Personal Data

Personal data is any identifying information of an individual. Examples would include a user’s name, image, email address, birthday, job title, phone number.

Sensitive Personal Data

Sensitive personal data covers special categories of personal data, specifically racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data. While these categories of information are unlikely to be in your digital workplace, Igloo will still prepare for it nonetheless.

How should I prepare for GDPR?

In your role as a data controller, we recommend that you review all data processing activities that might be impacted by the GDPR. Upon identifying those of which are your responsibilities, as opposed to ones managed by Igloo or other data processors, ensure your organization properly prepares those activities for full compliance with the GDPR.

Which requests will Igloo be fulfilling?

Igloo will fulfill subject access requests and requests for erasure from our customers. A request for erasure refers to when an employee requests all identifying information to be erased from your digital workplace. A request for access is an when an employee requests an output that shows, or provides access to, all identifying information in your digital workplace.

Igloo will only fulfill requests by an authorized representative of the Igloo customer, not an individual employee. Once GDPR comes into effect, an authorized representative can submit a request for erasure or a subject access request by sending us a support ticket.

How can I learn more about GDPR?

To learn about GDPR, we recommend visiting the website of the European Commission, the Information Commissioner’s Office, or reading the GDPR itself.

Get started with Igloo