Hacker News
by lbriner 1712 days ago
Surely you don't have to degrade your security to a lower UK standard, you can still meet GDPR and make it clear on your website, "Do you conform to GDPR?", "Yes we do. Although the UK have a lower standard of data protection, we still meet the stricter standard"
4 comments

From TFA:

> Whatever we say to our customers about how Cronofy approaches data privacy and controls, corresponding enforcement will not follow. (...) We can make our protestations about ISO certifications, data management controls, segmented data hosting. However, prospective customers won’t necessarily get that far because we’ll be discounted based on our location. I don’t blame them. Data protection is fraught and complicated. Why even entertain the risk of going with a provider from outside the EU.

I work at a global identity company in the UK - we don't have such problems. I'm afraid this blog post is nothing but grandstanding.
> we don't have such problems

Yet. Because you're still on compliance and procurement whitelists. If the UK's regulations are no longer up to the EU's standards, the UK drops out of the whitelist and any supplier there jumps off the fast track into the slow lane of "compliance audit". Spoiler: that's the point at which the contracting manager drops you for your far less able competitor that's hosted in Dublin or Amsterdam.

For how long now? Could it be that many EU potential customers haven't even talked to your company since 2016, and the people who are still talking to you are the ones who aren't worried about exporting their data outside of the EU?
Plenty of new customers since 2016, worldwide. Aren't worried about identity data, but are worried about their calendar?
I presume EU customers mostly use non-EU operating systems, browsers, other software. I find it hard to believe there's a real barrier.
Software you run on your machines is not a huge problem except in heavily regulated industries. Services that store and handle company's data, very much are.
If the company were to breach GDPR, which regulator would enforce it?

If UK law would require backdoors in a way that conflicts with GDPR, how could they remain compliant?

Backdoors for a calendar app no one's heard of? No offence, but bigger fish to fry. And why would the company breach GDPR if it's making such a fuss about sticking to it?
Although maybe Cronofy is not yet well-known, Adam Bird was also founder of Esendex, which became pretty huge (now known as Commify).
Your logic is that a government would want a backdoor in this app because another app was successful? Just because the same founder? That's a lot of hopeful backdoors - poor return on investment for the government. I've worked on bigger projects than that without backdoors. "Pretty huge" is relative I guess - I certainly wouldn't describe it as that. I seriously doubt that app had a government backdoor, and neither will this one. Was that an attempted appeal to authority?
Ah, all I meant was just that since Esendex got pretty huge (e.g. IIRC they did bulk texting for the Obama campaign), given that it's the same founder, perhaps Cronofy could end up big too. I guess my angle was simply, this is potentially a large company, his previous one was (and apparently a decent place to work according to people I know), and it's a great shame if such a good tech business is driven to moving to a different country. BTW it wasn't me that downvoted you, it was a fair argument :)
Having access to the calendar of e.g. the Airbus management would be very useful for industrial espionage.

Snowden proved that the US used backdoors in Microsoft products to access calendar entries and emails to give Boeing an edge during negotiations.

I was thinking the same but maybe if they're UK based they can't legally guarantee a certain level of data protection. Customer trust could be eroded even if you tell them you'll follow the GDPR standards.
The reasoning is covered in the article.