What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is an EU legislation that is designed to protect the fundamental rights of citizens and their personal data. This law ensures that people not only know where their private data is kept but it holds organizations accountable and transparent with their practices. EUGDPR.org lists the key changes.

GDPR was officially enacted on May 25, 2018, in Europe, and it will have a significant impact on organizations around the globe. This means you. This new regulation shifts how organizations store data and relate to data in general.

The fine for non-compliance to the GDPR can be up to 20 million euros or 4% of your gross revenue (whichever of both is highest).

SmartSimple’s GDPR Readiness Journey

SmartSimple has taken all necessary steps to become GDPR compliant by implementing and strengthening the appropriate technical and organizational measures.

We acknowledge that our partners and clients require sufficient guarantees that we will be GDPR compliant, which is why we are pursuing certification from the EU Cloud Code of Conduct. According to the legislation, following a Code of Conduct is a concrete way to demonstrate and certify compliance.

As an integral part of our business ethics and DNA, we take data protection very seriously; which is why we hold our standards to the highest degree of accountability, and we apply this care into each of our systems and client-facing platforms. We acknowledge that our partners and clients require sufficient guarantees that we will be GDPR compliant, which is why we are pursuing certification from the EU Cloud Code of Conduct. According to the legislation, following a Code of Conduct is a concrete way to demonstrate and certify compliance. It is highly recommended for organizations to follow one.

SmartSimple adheres to international industry leading compliance and audit standards for your peace of mind. Learn more about our commitment to security here.

Logos for industry leading compliance

Hosting Information:

The SmartSimple platform is powered by AWS’s Amazon Elastic Compute Cloud, which is certified by the Cloud Infrastructure Code of Conduct, CISPE. Learn more about AWS’s GDPR-readiness.

Steps We’ve Taken

  • SmartSimple has formed a GDPR taskforce of key internal personnel in collaboration with clients to discuss best practices, and share knowledge.
  • We have implemented a GDPR Data Processing Policy to new and current clients. This policy is now available. For more information, please contact your account manager.
  • We have enhanced our system to better help you maintain your compliance, and manage your data governance. Our development team worked hard over the past year to develop features that expand our ability to support our clients.

How SmartSimple Can Help You Comply With GDPR

We know that when you started your career in philanthropy, privacy law was probably not at the top of your mind. However, since privacy law has an effect on nearly every department of every global organization, chances are you will be affected.

SmartSimple's aim is to help you bridge the gap between the legal and technical requirements of privacy law, allowing. We want to ensure that no matter how big, or small your team is, that you'll be able to effectively manage your privacy law compliance.

Under Article 28 of the GDPR, our commitment as a ‘Data Processor’ (see definition) is to assist ‘Data Controllers’ (see definition) in ensuring compliance to the new legislation as well as demonstrating compliance in all aspects of our processes.

Security icon


SmartSimple allows you to have full control of your security protocols. Whatever your internal policy is, we’ll match it. All data is encrypted end-to-end and can be pseudonymized. We offer various security protocols to ensure your account is protected from unauthorized access, including multi-factor authentication. Our security report highlights areas in your system that need review or improvement.

Data Subject Rights

Data Subject Rights

SmartSimple, like the GDPR, was built with the individual as its focal point. We understand how important it is for you to facilitate the rights of your clients, which is why we are developing a Request Tracker. The Request Tracker will provide you and your clients with a robust communication tool for all GDPR related information and requests.

We've added multiple features to help you organize the vast amounts of data you hold within SmartSimple, and completely automate your data management requirements. We allow you to tailor highly specific security, data retention, and anonymization policies to categories of data, and fields that contain personal information, enabling you to meet the principles of storage limitation, purpose limitation, and integrity and confidentiality.

Compliance Management

Compliance Management

SmartSimple allows you to prompt, track, and report on consent that users have provided you with. From policies to emails, to consent to the processing, we can completely automate the consent gathering process. Moreover, ensuring users have given informed consent, can execute their right to access, and to transparent information, are other requirements SmartSimple focuses on through our Personal Data Field Indication feature.



Powerful record keeping functionality allows you to create a clear audit trail, tracking every action taken within your processes. Paired with robust ad hoc reporting capabilities, you’ll be able to report on endless combinations of fields and most importantly, have evidence of the steps you've taken towards compliance.

Working Together

Working Together

SmartSimple is dedicated to developing best practices relating to the GDPR, and all upcoming privacy laws, in collaboration with our clients. We know that as a processor, we have an integral part in your compliance, which is a responsibility we take very seriously.

If you'd like to find out more about how SmartSimple can help your organization with GDPR, or privacy law compliance, please email gdpr@smartsimple.com.