GDPR and Privacy Cloud
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that redefines what constitutes personal data and establishes strict requirements for how such data is collected, stored, and processed. Organizations must design their systems and processes with data protection and privacy in mind—often referred to as privacy by design.
GDPR applies to any entity that offers goods or services to individuals within the European Union (EU), or that processes the personal data of individuals located in the EU, regardless of the organization’s geographic location.
Non-compliance with GDPR can result in significant penalties, including fines of up to €20 million or 4% of annual global revenue, whichever is higher. Key obligations under GDPR include:
Appointing a Data Protection Officer (DPO) when required.
Reporting all data breaches to the relevant authorities within 72 hours.
Providing appropriate remediation and communication to affected individuals.
Key GDPR Terminology
Data Subjects: Individuals whose personal data is collected and processed.
Data Controllers: Entities (e.g., customers) that determine the purposes and means of processing personal data.
Data Processors: Service providers (e.g., Sprinklr) that process data on behalf of the Data Controller using appropriate technology.
Data Subject Rights in GDPR
In GDPR, personal data is defined in a specific way and individuals have the right to:
Transparency | Into how their data is being used (privacy policy) |
Automated decisions and profiling | The right to have automated decisions reviewed |
Access and rectification | Controllers must correct errors in data |
To be forgotten | Subjects can request that their data be deleted or that its processing be restricted |
Data portability | Subjects have the right to see/transfer their data |
Opt-out of direct marketing | Subjects must opt-in to receive direct marketing |
Data Processor & Data Controller Obligations in GDPR
Data Protection Officer | Appoint a named executive responsible for GDPR |
Document data flows and assess impact | Register of how data is collected and processed |
Access and rectification | Controllers must correct errors in data |
Data Protection by Design | Encrypt and restrict access to data |
Have processes for Data Subject rights | To be forgotten, transparency, object/opt-out, portability |
Data retention | Don’t keep data longer than necessary |
Sprinklr's Data Subject Rights for Privacy
Sprinklr's Data Subject Rights were created with the intention of complying with all of the data-related rights as defined in GDPR.
Components of Privacy Cloud
Term | Description |
Right to Access Cases | Manage a workflow to download data about an individual from across Sprinklr |
Right to Rectify Cases | Ability to make changes to the data (for example, any custom properties that apply to a user) |
Right to Erasure Cases | The right to be forgotten (this is a hard delete of the individual’s profile) |
Consent Withdrawal Cases | If someone objects to you processing their data, you can opt them out of areas like Listening or Audience Targeting |
Privacy Workflows | This takes you to Sprinklr’s Workflow Engine, which powers the above processes. You may search “GDPR” to see all the default workflows. You may add any additional workflows you want, or any of the existing default workflows. |