[dreggie]

The blog is problematic. It came out pre-GDPR and doesn't reference GDPR.

It also has incorrect statements: "A simple attestation by the company along with referencing Privacy Shield creates compliance": No, really it does not.

So yes, would advise you to get a real DPO and Art 27 Rep in. They aren't expensive and with CCPA present now too, will likely be a good investment.

[monocasa]

The blog poost is more an explanation about why we went to the EU Model Clause structure rather than Privacy Shield, and less a real explanation of Privacy Shield.

Our DPO can be reached at dpo@jumpcloud.com as is listed in our GDPR documentation above.

And (and to be clear this me me speaking, not the company, we've got a lot of brouhaha going on with WWDC, etc), but my understanding is that you don't need an Art 27 Rep if you have a physical presence in the EU and specify have a contactable DPO.