Hello, we are building a web app for a client that requires us to fill out some privacy and security forms, and one of the questions regards the outsourcing service and obligations and ensuring the personal data processed is protected and secure. Basically, they need to know if the 3rd party service is also going to respect the EU GDPR Standard Contractual Clauses or Binding Corporate Rules, and need a written document that assures it.
We already tried to ask the Bubble team but they just sent us the website security page that doesn’t go into much depth about it.
Bubble does not handle the data in Europe and is not GDPR compliant.
I believe you need a dedicated plan to be able to choose where you want your data handled. That is costly.
You’re right, I thought handling the data in the EU was mandatory for being compliant. I just checked it and it is indeed possible to transfer the data outside of the EU as long as the transfer is secured enough and the data still remains secured where it goes.