GDPR Compliance

Array Insights is actively pursuing HITRUST certification with GDPR compliance.

Array Insights’ responsibilities as a Controller under GDPR

Array Insights’ responsibilities as a Controller under GDPR can be found here.

Security Organization

Array Insights’ security organization is managed by the Security Lead and Data Protection Officer. Array Insights follows GDPR and HIPAA information security control frameworks for the Data Federation Platform and company environments. Array Insights performs annual assessments of the security controls in accordance with the control frameworks.

Array Insights Onboarding and Training

All Array Insights personnel are subject to background checks before access to company information systems containing personal data (PHI and PII). During the onboarding process, all personnel receive security training and security training is refreshed annually for all employees.

Non-Compliance and Sanctions

Array Insights adopted information security policies and procedures that follow GDPR and HIPAA frameworks. Any personnel who fail to comply with Array Insights’ information security policies are subject to sanctions.


Array Insights does not have access to any personal data (PHI or PII) from any customers at any time, including IT administrators and software developers, nor does Array Insights store any personal data – as soon as a user terminates a session within the Data Federation Platform, any and all data used for computations is deleted.

Incident Response, Business Continuity and Disaster Recovery

Array Insights has documented and implemented incident response, business continuity and disaster recovery plans to ensure the Data Federation Platform resume operation in a timely manner in the event of a disruption. Array Insights tests and monitors the effectiveness of its business continuity and disaster recovery plans at least annually.

Network Security

All data is protected by encryption in transit over all networks. Data at rest is protected by strong encryption and additional security controls, including segmented networks, tiered architecture, firewalls, anti-malware protections, and the limiting of port access.

Portable Devices

Array Insights will not store unencrypted personal data on any portable computer devices at any time.

Data Protection Officer Contact Information

Kanchana Padmanabhan, VP of Engineering