Smilenotes is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect on 25th May, 2018. It is designed to protect EU citizens and provide more control over their data. It seeks to reshape the way organisations across the region approach data privacy.
Our customers can trust that we have made GDPR a priority and have taken steps to ensure our compliance with the new data protection regulations. This blog post outlines our approach and progress to date.
What We Are Doing
We are implementing our company-wide GDPR compliance strategy leading up to 25th May, 2018 and beyond. We understand that our customers have requirements as a result of GDPR that are directly impacted by their use of Smilenotes, and we are committed to helping our customers fulfill their requirements under GDPR.
Below are a few examples of the things we have committed to in order to satisfy GDPR requirements:
- Committing to the security and privacy measures required under GDPR.
- Notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our customers and end-users.
- Ensuring any staff or contractors who access and process our customers' personal data have a duty to maintain the confidentiality and security of that data.
Where do we transfer customer data?
We currently store your patient/client data in data centers provided by DigitalOcean located in the United Kingdom and Amsterdam.
Can you guarantee that my data will stay in a certain location?
All patient/client data that you store on Smilenotes will be hosted on physical servers located within the European economic region (London or Amsterdam).
We may transfer your own personal data (such as your personal email address and your name) onto servers located in the US and Canada. For example, we use a tool called Mailchimp (for sending emails to our customers) which transfers data to servers located in the US.
Smilenotes commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.