Does anyone know how much a dedicated server is, located in London? I have a client who needs to be GDPR compliant among other things so data needs to be stored in the UK.
Data location has nothing to do with GDPR compliancy.
GDPR applies to European citizen or residents regardless of their data location.
You could use an alternative db, avoid using a dedicated plan, and it would be much cheaper. Let’s chat!
Bubble’s normal plans are not inherently GDPR compliant since the EU-US Privacy Shield was revoked, you can’t easily transfer and host EU/UK data in the US without risking breaking the requirements. We find we’d need either a dedicated server here in the UK or use an external database, but we wanted to see how much it would be first.
1 Like
As I was saying, storage location is not relevant here.
As long as the legal entity processing the data is subject to the Patriot Act, you simply can’t be GDPR compliant.
In the context of a data processor subjected to afore-mentioned US regulation, the only way is to use in-transit and at-rest encryption with keys hold by a EU legal entity.
Any other setup is easing one’s conscience without solving the underlying issue.
1 Like
what would you recommend in your experience? Would xano work?
Sounds like encryption in transit is the biggest issue if you’re using bubble. Most all data passes thru their servers even if it’s just transitory.
Is that right @redvivi
Correct.
I’m no lawyer but you could store the data in the EU and pass all data encrypted.
It’s be some work but totally doable. I’d love to hear from others in the area with more experience.
2 Likes