Miro has made a commitment to our customers to ensure that their personal information is maintained and secured in accordance with various regulations around the world, including the European Union’s (EU) General Data Protection Regulation (GDPR). This is not a new policy at Miro, but we are committed to providing more insight and transparency into our operations and data protections, especially in light of the recent Schrems II decision which invalidated Privacy Shield.
Over the past year, Miro has continued working proactively to ensure alignment with GDPR for our EU-based customers. This has included modifying the architecture of our application to support 100% hosting of customer content within the EU. We’ve also made improvements within our authentication model to guarantee that board content and non-user generated content remain within the boundaries of the EU.
This commitment was underway prior to the Schrems II decision and Miro has taken pre-emptive action to ensure that we can support our customers in a post-Schrems world.
Beyond the logical and physical work that has been done to ensure that we have aligned to our customer’s needs within the EU, our Legal and Trust teams have been hard at work, as well. Our commitment to our customers’ regulatory and compliance needs can be seen in our revised Standard Contractual Clauses (SCC) and the addition of new Controller/Processor items such as Transfer Impact Assessments (TIA). Though these are fairly new requirements, we have quickly aligned our people and processes to ensure that when working with our customers, hire additional legal resources, and continue to provide proper documentation and processes for our customers.
We look forward to being your partner in regulatory, legal, and compliance requirements within the EU and elsewhere.
More information may be found in the Miro Terms of Service