Have you thought about compliance recently?
2025-03-07
Most companies I know store their data with US-based providers such as AWS, Google Cloud and Azure. Some of them, but not all, are aware that the legal basis for doing so is fragile under the GDPR. Most of these transfers currently rely on the EU-US Data Privacy Framework, also called the Transatlantic Data Privacy Framework (TADPF).
The TADPF hinges on the US oversight and redress mechanisms that the European Commission accepted as giving EU personal data a level of protection "essentially equivalent" to the GDPR. One of those mechanisms is the Privacy and Civil Liberties Oversight Board (PCLOB), an independent US body that is meant to review how those safeguards are applied to services such as AWS.
However, the safeguards themselves were created by Executive Order 14086, which a president can rescind at any time, and the PCLOB, although established by statute, has been left without a quorum since the current administration removed most of its members in January 2025. In practice, the oversight the framework depends on has been hollowed out.
So whilst the TADPF is still in effect, now is the time to think about compliance, and in the most practical way possible.
Where do you store your customers' data?
Are you using services affected by the CLOUD Act?
Can you migrate away from US-based services?
If not, what's your fallback if the TADPF gets struck down or withdrawn? Standard Contractual Clauses, and have you done the transfer impact assessment that Schrems II requires alongside them?
Changes are on the horizon. If you act now, you won't have to scramble to avoid the inevitable fines later.
Yours,
Søren
P.S. Not sure where your B2B SaaS' data is stored, or if your SaaS is at risk?
My SaaS Infrastructure and Compliance Audit gives you a clear roadmap to avoid last-minute migrations and legal headaches.
Book a call today.