GDPR and Data Sharing with Third Parties
Every time you connect a third-party service, you are usually sharing personal data with it, and UK GDPR holds you responsible for that data wherever it goes. Integrations therefore have a compliance side as well as a technical one.
This article explains your responsibilities in plain terms and how we help you meet them when integrating.
What You Need to Consider
Sharing data does not remove your duty to protect it.
- A lawful basis for sharing the data in the first place.
- A data processing agreement with the provider.
- Where the data is stored, especially outside the UK.
- How long the third party keeps the data.
How We Help
We build integrations that share only what is necessary and keep you in control.
- Share the minimum personal data the task requires.
- Honour consent and let people opt out everywhere.
- Help you record what is shared and with whom.
- Support deletion requests across connected services.
Frequently Asked Questions
Is the provider responsible for compliance, not us?
Both share duties, but as the data controller you remain accountable, so the choice of provider matters.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.