About GDPR and Privacy Cloud

Updated 

What is GDPR?

General Data Protection Regulation (GDPR) redefines what is classified as personal information and introduces various obligations for how it is stored and processed (you must design all your processes with security in mind) as well as new rights for individuals the data applies to. This law applies to anyone offering goods or services inside the EU or anyone in the EU. In case of non-compliance, fines of up to €20m or 4% of annual revenues may be imposed. Part of the obligation is that all companies handling data must appoint a Data Protection Officer and all data breaches must be reported within 72 hours and compensated. 

While talking about GDPR, there are 3 main terms:

Data Subjects - the individuals for which the data is collected.

Data Processors - the software companies that provide the technology to collect/manipulate data, ie. Sprinklr.

Data Controllers - the customers

Data Subject Rights in GDPR

Under GDPR, personal data is defined in a specific way and individuals have the right to:

Transparency

To how their data is being used (privacy policy)

Automated decisions and profiling

The right to have automated decisions reviewed

Access and rectification

Controllers must correct errors in data

To be forgotten

Subjects can request their data is deleted or restrict how it is processed 

Data portability

Subjects have the right to see/transfer their data

Opt-out of direct marketing

Subjects must opt-in to receive direct marketing

Data Processor & Data Controller Obligations in GDPR

Data Protection Officer

Appoint a name exec responsible for GDPR

Document data flows and asses impact

Register of how data is collected and processed

Access and rectification

Controllers must correct errors in data

Data Protection by Design

Encrypt and restrict access to data

Have processes for Data Subject rights

To be forgotten, transparency, object/opt-out, portability

Data retention

Don’t keep data longer than necessary

Sprinklr's Data Subject Rights for Privacy

Sprinklr's Data Subject Rights were created for the intention of complying with all of the data related rights as defined in GDPR. 

Unified Front Office Platform_Privacy

Components of Privacy Cloud

#
Term
Description
1

Manage a workflow to download data about an individual from across Sprinklr

2

Ability to make changes to the data (for example, any custom properties that apply to a user)

3

The right to be forgotten (this is a hard delete of the individual’s profile)

4

If someone objects to you processing their data - you can opt them out of areas like Listening or Audience Targeting

5

This takes you to Sprinklr’s Workflow Engine, which powers the above processes. You may search “GDPR” to see all the default workflows. You may add whichever additional workflows you want or any existing default workflows