Whether a software or service can be used in compliance with the GDPR is often difficult to determine. Many providers answer this question with a blanket “yes” and potential users are willing to trust such statements when deciding on one of these services.
Take a closer look at the contributions of well-known services from popular U.S. providers. For example, many of them continue to refer to the “EU-U.S. Privacy Shield”. However, this agreement was declared invalid by the European Court of Justice. In response to this, many providers offer – in some cases for an additional charge – to process the data exclusively in the EU. However, it is no secret that the U.S. government would also like to access data that is managed in systems of U.S. providers in other countries. For this reason, it is probably best to avoid using such services at present until the legal framework has been clearly clarified.
In our whitepaper, we offer you a 7-point checklist in which we have summarized the most important questions and information. Have a look at this checklist to get a clue whether a service can be used in a GDPR-compliant way or not.