Customer data privacy and the GDPR

by Ignacio Martinez

We take very seriously the privacy of our customers as well as their interest in keeping the personal data they entrust to Smartsheet private and secure.

We’re pleased to announce that Smartsheet has updated our policies and practices in light of the changing privacy landscape, including the introduction of the European Union’s General Data Protection Regulation (GDPR), which goes into effect today.

You can read our updated Privacy Policy here.



The GDPR is an EU regulation designed to further strengthen EU residents’ privacy rights by establishing new standards for the protection of personal data. The GDPR is designed to give EU residents more control over — and transparency into — use of their personal data across digital platforms.

Today we’d like to share some of our relevant current practices that are intended to help support customers with regard to their data privacy obligations.

Data transfers

Under the GDPR, transfers of personal data from the EU to the United States must be in accordance with a valid transfer mechanism. To enable our EU customers to meet this requirement, Smartsheet self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield.

As a data processor, Smartsheet also offers a Data Processing Agreement (DPA) to customers. The Smartsheet DPA has been tailored to Smartsheet as a cloud service provider and to address the unique nuances of our product, operations, and the way Smartsheet interacts with Customer Content. To request a DPA, Please reach out to

Security practices

Keeping the personal data customers entrust to Smartsheet private and secure is something that we take very seriously. Smartsheet was built from the ground up with strict security requirements and protocols to secure your data, give you control of user access, and provide you with methods to safely share information inside and outside of your organization.

For more information about Smartsheet’s security practices, please visit the Smartsheet Trust Center.


Balancing Enterprise Data Demands With Security

Privacy policy

Our privacy policy outlines how Smartsheet collects, uses, and discloses personal information we process.

We have updated our Privacy Policy to provide additional clarity and transparency for our customers. You can read our updated Smartsheet Privacy Policy here.

More questions on Smartsheet and GDPR?

Still have questions on Smartsheet and GDPR? Visit our Smartsheet and GDPR resource page for more information, or email with questions.

Our success is built on your trust


Cloud security

We’re continuing to make investments in our privacy and security as part of our broader effort to meet the complex needs of today’s enterprises. To learn more about how we keep your data secure and to support your compliance with various regulatory and industry standards, visit our Trust Center.