Sprinklr and GDPR: What You Need to Know

With the May 25th deadline approaching, companies around the world are working hard to ensure that they are compliant with the European Union’s General Data Protection Regulation (GDPR).

The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. All companies that deal with EU customer data must comply with these new guidelines, and those that don’t may incur substantial fines. According to GDPR, personal data can include names, photos, email addresses, bank details, social media posts, medical information, and more.

And while May 25th will be here soon, a recent study found that only 14 percent of organizations believe they’re full ready to meet the requirements of GDPR. We’re proud to report that the Sprinklr platform will comply with GDPR by the 25th.

Furthermore, Sprinklr has invested to go beyond compliance to address some of the top concerns that business struggling with GDPR compliance have. According to eMarketer, top challenges include Managing Data Portability & the Right To Be Forgotten, Controlling Access to Personal Data, Finding Stored Data and Complying with Profiling Requirements.

Implications for Sprinklr Customers

What does GDPR mean for Sprinklr customers? The data and information collected and processed by Sprinklr in the context of the provisioning of the Sprinklr platform and services for our customers includes the following categories:

Account Information

• Personal data related to the customer’s employees using the Sprinklr platform required for the usage of the platform.

Customer Content

• Content to be published to customer’s social media profiles (e.g. Facebook page) connected to the Sprinklr platform, uploaded by the customer (e.g. logos, brand images, templates, etc.).
• For specific use cases (e.g. audience marketing) data related to customer’s customers, newsletter subscribers etc., uploaded by the customer.

Social Data

• Content published or sent by social media users via customer’s social media profiles (e.g. Facebook page), connected to the Sprinklr platform (both public and private messages to customer).
• Publicly accessible data from the social media networks based on certain search queries (e.g. #customer), defined by the customer.

Legal Basis of Social Media Listening

Collection of publicly accessible data from the social media networks usually is based on “legitimate interest” (and not on the social media users’ consent). The concept of “legitimate interest” and the associated balancing of interests are regulated under Art. 6 (f) GDPR. Sprinklr sees no relevant changes in the legal foundation of such data processing operations.

Sprinklr will be happy to support our customers in their balancing of interests and their documentation of the legitimate interest. Please note that because Sprinklr is not a law firm, it may not provide individual legal advice to our customers – only general opinion and “food for thought.”

Want to Know More? 

If you have questions about GDPR, please don’t hesitate to contact your Sprinklr account manager. They’ll be able to walk you through the details of GDPR, and can receive your verbal consent for your data to be used by Sprinklr.