Without being aware of it, many companies have been violating European privacy rules since this summer. Working with US cloud service providers is no longer covered by GDPR rules. This is because the European Court of Justice has declared the Privacy Shield agreement invalid. The agreement, which regulated how the US handles the processing of user data from European citizens, was created to ensure continued use of cloud services provided by US companies. However, it now turns out the Privacy Shield is not sufficient after all.
The General Data Protection Regulation (GDPR) states that personal data may not be simply transferred to individuals or organisations based in countries outside the European Economic Area (third countries), such as the US. This is only allowed if the level of personal data security guaranteed by the GDPR is not undermined in those third countries. The Court of Justice holds that the Privacy Shield cannot guarantee an adequate level of protection. This is because, under US law, the intelligence and security services there have the right to access and use EU citizens’ data.
Therefore, if you want to comply with GDPR rules (and of course you must), it is no longer possible to store customer data with or work with US cloud services. In short: If you work with research tools from the US, you are not working according to GDPR rules. You may also be working with American parties without realising it. For example, if your suppliers process data via American cloud services, you are not working according to GDPR guidelines. To ensure you are doing the right thing, we recommend verifying all your suppliers to remain compliant.
Ensuring GDPR Compliance with Crowdtech
Many companies have been unknowingly violating European privacy rules since this summer. Using US cloud service providers is no longer covered under GDPR rules. This change comes after the European Court of Justice invalidated the Privacy Shield agreement, which governed how the US handled the processing of European user data. Initially created to ensure the safe use of US cloud services, the Privacy Shield has proven inadequate for protecting personal data.
Do you use Crowdtech technology? Then you’re covered. Our platform complies with GDPR rules. We do not outsource our hosting to third parties. Our hardware is located in our data centre in Amsterdam, and our technology is developed and maintained by ourselves. So, your data always stays within the EU, ensuring you comply with GDPR rules.
Using Crowdtech Insights, you benefit from a comprehensive research platform that integrates multiple tools while ensuring full compliance with GDPR standards. Our Data Security and Privacy features, such as encryption and secure data storage, further protect your data, giving you peace of mind and building trust among your respondents.
Additionally, the Single Sign-On (SSO) feature simplifies the login process, enhancing security and user experience by allowing access with one set of credentials.