[bambax]

From TFA:

> Whatever we say to our customers about how Cronofy approaches data privacy and controls, corresponding enforcement will not follow. (...) We can make our protestations about ISO certifications, data management controls, segmented data hosting. However, prospective customers won’t necessarily get that far because we’ll be discounted based on our location. I don’t blame them. Data protection is fraught and complicated. Why even entertain the risk of going with a provider from outside the EU.

[archsurface]

I work at a global identity company in the UK - we don't have such problems. I'm afraid this blog post is nothing but grandstanding.

[rodelrod]

> we don't have such problems

Yet. Because you're still on compliance and procurement whitelists. If UK's regulation are no longer up to EU's standards, UK drops out of the whitelist and any supplier there jumps off the fast-track into the slow lane of "compliance audit". Spoiler: that's the point at which the contracting manager drops you for your far less able competitor that's hosted in Dublin or Amsterdam.

[bellyfullofbac]

For how long now? Could it be that many EU potential customers haven't even talked to your company since 2016, and the people who are still talking to you are the ones who aren't worried about exporting their data outside of the EU?

[archsurface]

Plenty of new customers since 2016, worldwide. Aren't worried about identity data, but are worried about their calendar?

[fabrika]

I presume EU customers mostly use non-EU operating systems, browsers, other software. I find it hard to believe there's a real barrier.

[rodelrod]

Software you run on your machines is not a huge problem except in heavily regulated industries. Services that store and handle company's data, very much are.