I have noticed that U.S.-EU Privacy Shield was invalidated. What does that mean for my data in the GoodData Platform? Our company is based in the EU, are we affected? Do we need to move our data to your EU data center?
Best answer by honzatko
You don't need to do anything. If you use GoodData Platform to analyze personal data from the EU, you have already signed a Data Processing Addendum with us. This addendum includes Standard Contractual Clauses (SCCs). This is a “safety net” that allows cross-border transfer of data when there is no adequacy decision or agreed-upon data transfer framework, such as the recently invalidated Privacy Shield or its predecessor Safe Harbor. Thanks to these SCCs, you are “fully covered” in all our datacenters.
It does not really matter which GoodData datacenter you use, GDPR does not mandate usage of EU/EEA-based datacenter; all you need to ensure is the existence of a lawful mechanism for transfer of data from the regulatory zone. Some companies prefer usage of European datacenter due to the commitments to their clients or some industry-specific regulations, but from GDPR standpoint, all our datacenters are equal and in compliance.