EEA. 2.1. The definition of “Data Protection Laws” includes the General Data Protection Regulation (EU 2016/679) (“GDPR”). 2.2. When Smartsheet engages a Subprocessor, it will: 2.2.1. require any appointed Subprocessor to protect Customer Personal Data to the standard required by applicable Data Protection Laws, such as including the same data protection obligations referred to in Article 28(3) of the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR; and 2.2.2. require any appointed Subprocessor to agree in writing to only process data in a country that the European Union has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses.
Appears in 2 contracts