What is the GDPR?
The General Data Protection Regulation (GDPR) imposes strict controls on how all organisations collect and process personal data within the EU and/or the personal data of EU citizens.
At Sparkle we are big fans of the GDPR. We have always believed strongly in data privacy and it is great to see these regulations come into force.
In the UK, where we are based, the GDPR is enforced by the UK’s data authority, the Information Commissioner’s Office (ICO).
Those individuals or businesses which determine the purposes and means of processing personal data are referred to as data controllers under the GDPR, whereas a data processor is responsible for processing data on behalf of the data controller. The people whose personal data are being processed are data subjects.
Here's how Sparkle relates to you in data processing terms under GDPR:
The regulation outlines six key principles for organisations that process individuals’ personal data. These are that data shall be:
- processed lawfully, fairly and transparently;
- collected for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary for processing;
- accurate and kept up to date;
- retained only for as long as necessary;
- processed in a manner that ensures appropriate security.
Basis and consent
By signing up to Sparkle, you are entering into a contractual agreement which gives us a lawful basis to process your data, in line with GDPR requirements.
For those who wish to receive our occasional email newsletters with helpful tips and previews of new features, we will need your explicit consent. We make sure it’s clear how you can agree to this and equally how you can withdraw your consent at any time.
What has Sparkle done to prepare for GDPR?
We have audited all our systems to know what data we hold, where we hold it, where that data comes from and where it goes. This enables us to keep track of all data and helps us to make the right decisions when it comes to making sure that your data is always protected.
We have a company-wide commitment to compliance with the GDPR. Everyone working at Sparkle understands what their own responsibilities and those of the company are.
We’re constantly improving the technical and organisational measures we have in place to protect your data and are committed to being fully compliant with GDPR.
We will also support you with your own compliance obligations regarding any customer data held within Sparkle, including the rights to:
- see a full copy of any personal data;
- correct any inaccurate personal data;
- request your personal data be deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations);
- obtain a full electronic copy of your data.
If you ever want to contact us about GDPR, data protection or to find out more about how we process your data, please feel free to drop an email to firstname.lastname@example.org and we will get back to you as soon as possible.
Where can I learn more about GDPR?
The UK Information Commissioner’s Office website is a great resource for GDPR information.