EU Hosting to be GDPR compatible

jose9 · June 28, 2022, 12:42pm

We believe Cloudlfare is currently hosting our website thefelixproject in the US, which would be against GPRD directives. Anybody knows how to:

check where are the servers hosting our website
if they are outside EU, find the right contact/support to change this

At the moment I found no way to contact anybody at Cloudlfare, only link working was bringing me to the Community!

Thanks so much for your help!!!

KianNH · June 28, 2022, 12:44pm

If you’re not using Cloudflare Workers or Cloudflare Pages, it won’t be.

Why? If your data is stored in the EU then that’s all you really need. If you are using Workers or Pages, you can set the jurisdiction on Durable Objects which you can use for storing data.

Globally for Workers and Pages.

You can’t restrict where Workers or Pages run, they’re in every colo.

But, if you’re not using Workers or Pages and likely will need to contact the actual host of your website.

jose9 · June 28, 2022, 4:42pm

Thanks so much @KianNH for your response!

This might be the silliest question yet, but how I can see if we are using Cloudflare Workers or Cloudflare Pages? Sorry took this over with no handover, and new to the Cloudflare environment.

If not hosted by Cloudfare, is there any way we can figure out who is hosting it?

KianNH · June 28, 2022, 4:54pm

Workers will appear in https://dash.cloudflare.com/?to=/:account/workers and Pages projects will appear in https://dash.cloudflare.com/?to=/:account/pages

If you have nothing in either of those, check https://dash.cloudflare.com/?to=/:account/:zone/dns and you can do a whois on the IP address that your website is pointing to which should give you a general idea. Usually it’ll be registered to the hosting provider, i.e AWS.

michael · June 28, 2022, 10:41pm

Which directive are you referring to.

There is nothing in GDPR that states that nothing can happen outside the EU. In reality, it is possible (perhaps even probable) that even if you carry out all data processing inside the EU that your activities are not compliant with the European Data Protection Directives.

For all of its activities, Cloudflare relies on their Data Processing Agreement which incorporates the Standard Contractual Clauses to ensure compliance with European and other privacy legislation. They state that they:

believe that our EU customers can use Cloudflare’s services in a manner consistent with GDPR and the Schrems II decision

If you feel you need additional measures (over and above the default), Cloudflare offers a number of additional products, such as the Customer Metadata Boundary.

system · July 1, 2022, 10:41pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.