SmartSuite: Announcing GDPR Compliance

May 22, 2024

In the global compliance landscape, data security, privacy and compliance are paramount. Organizations handle sensitive information daily, and ensuring the confidentiality, integrity, and availability of this data is critical. We’re excited to announce that SmartSuite is now GDPR compliant.

GDPR Compliance: What It Means for You

The General Data Protection Regulation (GDPR) governs the processing of personal data of individuals within the European Union (EU). By achieving GDPR compliance, SmartSuite ensures that your organization can confidently manage sensitive data while adhering to EU privacy regulations. Here’s what you can expect:

1. Enhanced Data Privacy

  • SmartSuite implements robust data protection measures, including encryption, access controls, and audit trails.
  • Personal data is handled with utmost care, ensuring privacy rights are respected.

2. Consent Management

  • SmartSuite provides tools to manage user consent effectively.
  • Users have control over their data and can grant or revoke consent as needed.

3. Right to Erasure (Right to Be Forgotten)

  • SmartSuite supports the right to erasure, allowing users to request the deletion of their data.
  • Compliance with this fundamental GDPR principle ensures transparency and user trust.

EU Datacenter: A Localized Solution

In Q3 2024, SmartSuite will launch a datacenter located within the European Union. Here’s why this matters:

Reduced Latency: Users in the EU will experience faster response times due to proximity to the datacenter.

Data Sovereignty: Hosting data within the EU ensures compliance with local regulations and GDPR.

An Important Side Note: Contrary to popular belief, GDPR does not explicitly mandate that personal data must be stored within the EU or the European Economic Area (EEA) for compliance. Instead, GDPR imposes stringent requirements on the transfer of personal data outside these regions.

It is indeed permissible to store and process personal data of EU and EEA citizens outside the EU, provided appropriate safeguards are in place to ensure data protection and GDPR compliance. Current EU customers can be confident that SmartSuite is adhering to the GDPR requirements with this new certification, and will be fulfilling additional requirements when we launch our datacenter in the EU.

Under the General Data Protection Regulation (GDPR), the transfer of personal data to countries outside the EU/EEA is allowed if certain conditions are met to ensure that the data is adequately protected. These safeguards include:

  1. Adequacy Decision: The European Commission can decide that a third country, a territory, or one or more specified sectors within that third country, or an international organization offers an adequate level of data protection. If such a decision is in place, data transfers can occur without any further safeguard.
  2. Standard Contractual Clauses (SCCs): These are pre-approved model contracts that include provisions to protect data being transferred internationally.
  3. Binding Corporate Rules (BCRs): These are internal rules adopted by multinational companies to allow intra-organizational transfers of personal data across borders.
  4. Derogations: In specific situations, data transfers may occur based on explicit consent of the data subject, the necessity for the performance of a contract, important reasons of public interest, or for the establishment, exercise, or defense of legal claims.
  5. Other Mechanisms: There are additional mechanisms like codes of conduct or certification mechanisms, which are still evolving and being developed under the GDPR framework.

Thus, as long as these conditions are met, personal data of EU and EEA citizens can be processed and stored outside the EU in a manner compliant with GDPR.

Learn More

To learn more about our GDPR compliance practices and the upcoming EU datacenter launch, reach out to your SmartSuite account representative or contact our sales team. We are committed to supporting your critical work while safeguarding your data and respecting privacy rights. Through this certification, we are able to work with our EU customers immediately.