Sparkcentral has completed its compliance readiness with the General Data Protection Regulation (GDPR). We began to dedicate internal resources to the GDPR in early 2017, almost a full year before the May 25th deadline. That has enabled Sparkcentral to achieve compliance readiness not only in time for the regulation’s implementation but ahead of schedule.
We made sure of this because we value our enterprise customers’ (and their customers’) rights to privacy and need to keep data protected. We want to help you focus on serving your customers, instead of navigating regulations. Therefore we are proud to announce that as a data processor, Sparkcentral meets GDPR requirements to support its data controller customers.
We have taken the following initiatives to support GDPR:
- Standardizing our Data Processing Agreement (DPA): Our DPA now reflects the standard requirements of GDPR.
- Secure data transfer and storage outside the EU: Transfers of personal data outside the European Economic Area (EEA) are permitted as long as certain safeguards apply. Sparkcentral agrees to protect any data originating from the EEA in line with European data protection standards. In addition, our pending Privacy Shield registration will be completed before the date GDPR comes into force (5/25/18).
- Controller-driven processing: As has always been the case, our customers (the data controllers) have full control over which data attributes are collected and used within the Sparkcentral platform.
- Industry best-practice standards compliance: Sparkcentral undergoes annual SOC2 Type 2 audits independently of its cloud provider (AWS). Furthermore, Sparkcentral has recently successfully completed its inaugural ISO27001 audit, and expects to be certified in May 2018. Both of these audits take into account and measure Sparkcentral’s adherence to GDPR requirements.
- Prompt breach notifications: In line with our current policies, Sparkcentral will promptly inform you of any incidents involving your users’ personal data.
And to help you comply with consumer requests related to relevant GDPR access rights:
- Support for deletion requests (right to be forgotten): Our Customers can pass on such requests from their consumers to their Sparkcentral Account Managers in order to delete a specific user’s data.
- Support for individual access (rights of access and portability): Sparkcentral will respond to access rights requests from its enterprise customers about any of their individual data subjects (e.g. consumers) by providing data about them unique to the Sparkcentral platform back to the enterprise in a common format. Note that to avoid violation of the terms of service on connected social-media (and other) platforms, Sparkcentral will not include data from those channels, since that data is mirrored by Sparkcentral from those sources and is not directly managed by Sparkcentral itself.
If you want to learn more about the GDPR and Sparkcentral’s readiness, visit our official GDPR page. For information on the regulations impact on your contact center and customer, enjoy this on-demand webinar with information security expert, Barak Engel.