About GDPR and Privacy Cloud
Updated
General Data Protection Regulation (GDPR) redefines what is classified as personal information and introduces various obligations for how it is stored and processed (you must design all your processes with security in mind) as well as new rights for individuals the data applies to. This law applies to anyone offering goods or services inside the EU or anyone in the EU. In case of non-compliance, fines of up to €20m or 4% of annual revenues may be imposed. Part of the obligation is that all companies handling data must appoint a Data Protection Officer and all data breaches must be reported within 72 hours and compensated.
While talking about GDPR, there are 3 main terms:
Data Subjects - the individuals for which the data is collected.
Data Processors - the software companies that provide the technology to collect/manipulate data, ie. Sprinklr.
Data Controllers - the customers
Data Subject Rights in GDPR
Under GDPR, personal data is defined in a specific way and individuals have the right to:
Transparency | To how their data is being used (privacy policy) |
Automated decisions and profiling | The right to have automated decisions reviewed |
Access and rectification | Controllers must correct errors in data |
To be forgotten | Subjects can request their data is deleted or restrict how it is processed |
Data portability | Subjects have the right to see/transfer their data |
Opt-out of direct marketing | Subjects must opt-in to receive direct marketing |
Data Processor & Data Controller Obligations in GDPR
Data Protection Officer | Appoint a name exec responsible for GDPR |
Document data flows and asses impact | Register of how data is collected and processed |
Access and rectification | Controllers must correct errors in data |
Data Protection by Design | Encrypt and restrict access to data |
Have processes for Data Subject rights | To be forgotten, transparency, object/opt-out, portability |
Data retention | Don’t keep data longer than necessary |
Sprinklr's Data Subject Rights for Privacy
Sprinklr's Data Subject Rights were created for the intention of complying with all of the data related rights as defined in GDPR.
Components of Privacy Cloud
Term | Description |
Manage a workflow to download data about an individual from across Sprinklr | |
Ability to make changes to the data (for example, any custom properties that apply to a user) | |
The right to be forgotten (this is a hard delete of the individual’s profile) | |
If someone objects to you processing their data - you can opt them out of areas like Listening or Audience Targeting | |
This takes you to Sprinklr’s Workflow Engine, which powers the above processes. You may search “GDPR” to see all the default workflows. You may add whichever additional workflows you want or any existing default workflows. |