[messutied]

Actually maybe it wasn’t clear because of the parent comment I commented in, but we are a EU company, but for our server hosting we use a US provider.

Do you know if that that makes any difference?

As a EU resident myself I completely understand, it just is a bit tough to make the changes as a small company, but if it’s legally required we’ll make them ASAP.

[nolok]

Oh yes then, you are fine if you migrate to a EU provider as long as you respect the general provisions of the GDPR (inform the user, allow access and deletion of PII, don't share it outside the EU, etc ...) ! Sorry I assumed you were a US citizen with a US company

To ensure you don't have problem down the line, make sure they themselves store their data in the EU (for exemple, french OVH allows you to chose where you data is stored, their french datacenters are fine, but I would not go with their canadian datacenters).

Allow me to remind you that it's not just the hosting but anything that touches that data, eg analytics and error reporting services are concerned too

[messutied]

Thanks a lot this is super helpful, much appreciated.

I was just thinking about the other services, for example would Cloudflare be ok? We proxy all our traffic through them, and they are key for DDOS prevention, I suppose data goes encrypted to them.

[nolok]

I cannot answer your subcomment I believe the thread might be too deep ?

Anyway sadly no Cloudflare isn't ok, it's specifically one of the three provider that got Shopify convicted in the parent article (other two being Cloudfront and Fastly).

[messutied]

Oh boy CF if a difficult one to replace :/ will have to start looking for EU alternatives.