Under the GDPR, it is stipulated that:

“Where a data controller has an online presence, the WP29 recommends that the controller provides a privacy notice which is layered. The data subject should have a clear overview of the information available to them and on finding detailed information within the layers of the notice. The Guidelines provide that the first layer should always contain information on the processing which has the most impact on the data subject and processing which could surprise the data subject.”

There are various interpretations of that statement, while we understand some clients are taking the GDPR regulations more seriously than others, in accordance with our advice, Sopro have updated our best practice compliance guidelines to require all clients to include a statement in keeping with (or to the effect of) the statement set out below. This is to ensure data subjects are notified of Sopro as an appointed data processor within the terms of their online privacy policy. 

Clause for insertion as follows:

“Third Party Processors 

 Our carefully selected partners and service providers may process personal information about you on our behalf as described below: 

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”