Here at Smartsheet, we’re dedicated to protecting the privacy of our customers. We take very seriously the need to keep the personal data that customers entrust to Smartsheet private and secure. As the European Union (EU) seeks to further strengthen EU residents’ privacy rights with the General Data Protection Regulation (GDPR), we are working to ensure our compliance in advance of the GDPR May 2018 effective date.
What is GDPR?
For those who aren’t familiar, the GDPR is an EU regulation that sets out new standards for the protection and processing of personal data of individuals residing in the EU. This will replace the current EU privacy standard (known as the EU Data Protection Directive) with a comprehensive regulation to be enforced more uniformly across all EU member states. The GDPR legislation is designed to give EU residents more control over and information about the use of their personal data across digital platforms.
Smartsheet and GDPR Compliance
To ensure our compliance with the GDPR standards as of its effective date, we are undergoing the process of reviewing and, where necessary, updating our current policies and practices. Today I wanted to share some information about our current practices and our plans related to GDPR compliance.
Similar to the Data Protection Directive, the GDPR requires that an adequate transfer mechanism be in place in order to facilitate the transfer of personal data from the EU to the United States. To enable our EU customers to meet this requirement, Smartsheet self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield. You can view our status on the Privacy Shield website.
Keeping your data secure is our most important job. That’s why we protect all customer data with a rigorous combination of infrastructure and procedures. Smartsheet was built with strict security requirements and protocols to ensure the security your data.
Our security practices are examined and tested (SOC2, Type II), which means that we routinely subject ourselves to an independent audit to show that we do what we say we do with regard to security.
Furthermore, our application is regularly penetration tested, which means we have an independent security company test our product for any weaknesses, so that we can take action to resolve them.
For more information about our security practices, please visit the Security Information page.
How Smartsheet is Preparing
As I mentioned previously, we are undergoing the process of updating our current policies and practices to ensure compliance with the GDPR standards as of its May 25, 2018 effective date. In the meantime, we’re happy to answer any questions you have on GDPR. You can email your questions to firstname.lastname@example.org.
Note: This post will not be updated regularly. For the latest information on Smartsheet and GDPR, please visit this page.