Our commitment to you and the protection of your data

We’re committed to helping SmartyDesk customers and users understand and, where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.

In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations are located. On this page, we explain how we help our customers comply with the GDPR.

  1. GDPR compliance
  2. Security infrastructure standards and certifications
  3. International data transfers
  4. Updates

GDPR compliance

The GDPR’s updated requirements are significant, and our global team has adapted SmartyDesk’s product offerings, operations and contractual commitments to help our customer comply with the regulation. Measures that SmartyDesk (who processes data on our customer’s behalf) has implemented include:

  • Investments in our security infrastructure and certifications
  • Updates to relevant contractual terms
  • Support for international data transfers by executing standard contractual clauses through our updated Data processing addendum, which is available to all customers, regardless of which SmartyDesk subscription they are using.
  • Offering data portability and data management tools including:
    • Import and export tools. Businesses and organisations may access, import and export their Customer Data using SmartyDesk’s tools.
    • Profile deletion tool. Help customers respond to user requests to delete personal information, such as names and email addresses, from a SmartyDesk account.
    • Workspace settings centre. See your workspace’s subscription and settings, or contact an admin who controls the workspace.
    • Data residency for SmartyDesk. Data residency for SmartyDesk allows global teams to choose the region where certain types of data at rest are stored.
    • SmartyDesk Enterprise Key Management. Complete control and visibility of access to your data in SmartyDesk using your own encryption keys.

We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always up to date.

Our security infrastructure standards and certifications

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. We’ve received several security certifications from the American Institute of Certified Public Accountants such as SOC 2 and SOC 3. SmartyDesk has received internationally recognised security certifications for ISO 27001 (information security management system), ISO 27017 (security controls for the provision and use of cloud services) and ISO 27018 (for protecting personal data in the cloud).

SmartyDesk has invested heavily in building a robust security team, one that can handle a variety of issues – everything from threat detection to building new tools. In accordance with GDPR requirements relating to security incident notifications, SmartyDesk will continue to meet its obligations and offer contractual assurances.

If you’d like to learn more about SmartyDesk’s security policies and procedures, please see our security page. It provides detailed information on how we approach security, and includes a white paper on how SmartyDesk ensures user data security in particular, including our technical and organisational measures(TOMs), as well as our encryption standards.

International data transfers

To comply with European Union data protection laws around international data transfer mechanisms, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the European Union and the United Kingdom. A copy of our standard data processing addendum, incorporating Model Clauses, is available here.

While SmartyDesk remains self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield, we aren’t currently relying on these frameworks for the transfer of personal data.


At SmartyDesk, we are committed to the security and privacy of your data. So we’re glad to comply, and help you to comply, with the GDPR. If you have any questions about your rights under the GDPR as a user or about how SmartyDesk can help you with compliance as a Customer, we hope that you’ll get in touch with us at privacy@SmartyDesk.com. Please also visit our Trust Centre to learn more about our privacy, security and compliance programmes.