Is Cloudflare Sites accessible from the EU and therefore compliant with the GDPR?
If so, how do I get it to work? The host is currently located in Canada.
Hi, welcome to the Community.
First of all, note that Cloudflare Geolocation data for the IP addresses is inaccurate as the IPs are anycast (https://www.cloudflare.com/learning/cdn/glossary/anycast-network/) and can respond from anywhere in the world.
Cloudflare Pages is built on KV, which stores data in the US and the EU and caches in one of 300+ local cities: How KV works · Cloudflare Workers KV
Data on our GDPR compliance is here:
Notably
When Cloudflare transfers personal data from the EEA, Switzerland, or the United Kingdom (“UK”) internationally, we rely on the European Commission’s Standard Contractual Clauses (“SCCs”), including supplementary measures as necessary, or, for transfers to the United States, we have also certified our compliance with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”), and/or the UK extension to the EU-U.S. DPF. Our standard Data Processing Addendum (“DPA”) will continue to incorporate the EU SCCs to ensure we have multiple legal bases for processing data.
Please note however that I am not a lawyer nor am I qualified to give legal advice. I recommend checking the above information with a lawyer to ensure you are on the right path. Thanks!
How do I know where the data is located?
The document above about KV covers it, the data is stored in both the US and the EU but also any of the 300+ cities that the data was previously accessed in.
I would not think that static Pages assets are personal data though, but again I am not a lawyer and cannot give legal advice.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.