What is GDPR?
The General Data Protection Regulation (GDPR) 2016/679 is one of the most powerful privacy protection laws, specifically enacted to protect European Union (EU) citizens’ data. GDPR essentially empowers EU citizens with control over their personal data.
Importantly, the GDPR applies to any company or person that processes or stores information about people who live in the European Union. In other words, your company does not need to be located in the EU to be subject to GDPR. It applies if you store data about any natural person in the EU.
The GDPR distinguishes between data 'controllers' and 'processors'. With respect to data about EU citizens, if your product or service captures and stores that data then you are likely the 'controller' of that data. You may also use other services - such as Sherlock - to further process and store that data. In such a case Sherlock would be a 'processor' of that data.
As a controller of data, you are responsible to assure that processors of your data also meet requirements for GDPR and that those requirements are contractually obligated. Generally, this is accomplished with a data processing addendum or agreement.
Is Sherlock GDPR compliant?
Yes, since our inception in 2018, all products and services of our parent company Space Pencil, Inc. - including Sherlock - are GDPR compliant.
One of the main rights granted to end users under GDPR is the right to erasure. Under this right, a user may demand that a data processor delete all data about them.
Sherlock complies with this right and allows any of our users to request deletions for their end users. All deletion requests can be submitted to email@example.com. All deletions will be scheduled and carried out within the 30 day window guaranteed by GDPR.
You can receive a current list of Sherlock's subprocessors upon request.
Do you have a DPA?
Yes. If you are a customer of Sherlock and would like to execute a Data Processing Addendum with Sherlock you can download the DPA from https://www.dropbox.com/s/w7rattng2esiu3y/SPACE%20PENCIL%20DATA%20PROCESSING%20ADDENDUM.pdf?dl=0.
Follow the instructions to execute and send to firstname.lastname@example.org.