Do you handle data transfers in accordance with Schrems-II?
The Schrems II decision relates to data transfers outside of Europe, and whether or not that data is handled according to privacy standards set in the EU. Our data is processed by a variety of hosting platforms, in the EU only. Nevertheless, in the wake of Schrems II, questions have arisen around data processing which takes place in Europe, but where the parent company is located outside the EU.
Signicat Enterprise is hosted by Basefarm and Open Telekom Cloud, which means that the data is hosted in Europe (Norway and Germany) and does not leave Europe. These are European hosting platforms, and as such, Schrems II does not apply.
Signicat Express is hosted by Microsoft Azure in the Netherlands, and former Connectis is hosted by Amazon Web Services (AWS) also in the Netherlands. The data also stays within Europe, although the parent companies of these hosting platforms are located in the US.
Signicat continuously monitors compliance status of our hosting providers, consulting with guidelines from the EDPB and the Norwegian Data Protection Authority. We are also observing the precedence set by different European courts in this matter. At this point, France’s highest administrative court (Conseil d’État) has ruled that AWS complies with Schrems II. Both Azure and AWS state that they commit to Schrems II. Based on the information available, Signicat’s judgement is that all our hosting solutions satisfy GDPR requirements. Any change in that situation will be clearly communicated to concerned customers.