Skip to main content

Hello,

 

Our organization has used the free version for some time and like the Miro tool, we are undoing a process so we can get the paid version. We needed a GDPR check done by our Data Protection Officer. He looked at the links to the DPA and GDPR Privacy Policy by Miro and said that Miro was likely compliant but we need a Transfer Impact Assessment to finalize the review. Specifically he said (emphasis mine):

 
"

According to https://help.miro.com/hc/en-us/articles/6491838039570-EU-Data-Center-Residency, all data processed by Miro is stored exclusively on servers in the EU. The main data center is located in Ireland, with a second data center in Frankfurt. However, the following functions may involve data transfers to the USA:
- When personal data is shared in the context of customer support
- If users choose to share data with integrated third-party providers
- Data processed by sub-processors
, sub-processors can be found at the following list (https://miro.com/legal/documents/Miro-Current-Subprocessors-List.pdf)

- Usage data

Miro provides an 
DPA, which is available at https://miro.com/legal/documents/Miro-Data-Processing-Addendum.pdf.

This incorporates and individualizes the EU standard contractual clauses.

In addition, he refers to a list with TOM's, which can be viewed at https://miro.com/legal/documents/Miro-Security-Policy.pdf.
The 
agreement meets the requirements of Art. 28 (3) GDPR.
Since personal data may be transferred to countries outside the EU when using Miro, a TIA (Transfer Impact Assessment) must be carried out in accordance with clause 14 of the standard contractual clauses

This in order to determine whether the measures taken by Miro ensure an adequate level of data protection.

Only then, in my estimation (DPO), can we conclusively say whether the tool can be used in a privacy-compliant manner." 

So my question is whether or not Miro has a TIA and if so, can it be sent to me for our review process.
 

Hi Jesse,

I have the same question and challenge.
There has been no feedback on the TIA from the sales and legal team so far. Have you already received a solution?


Hello,

 

we have the same question and challenge. I'd like to request the Transfer Impact Assessment (TIA).

I have written a mail to hello@miro.com but have not received any reply.

 


Reply