I cannot see any features for this, does anyone know if it is possible.
We have an application that primarily have users in the EU, and we would love if it was posible to setup so that we only use servers in the EU, it would solve som potential GDPR issues… So even if a user traveled to the US he would still hit the nearest EU edge server, rather than hitting a US server.
The reason being that the data would then be decrypted on the US server and sent to the Origin server encrypted, but a lot of customers would prefer that it was only decrypted and encrypted on EU servers…
This is how Cloudflare handles GDPR:
Yup, I’ve found that of course. But after Privacy Shield was invalidated it is different in each EU country/company how they then require you to comply, most accept SCCs but others want you to do more… But it is widely accepted that if you don’t transfer data outside the EU it is compliance… since we don’t really need the global aspect, it would be nice if it was possible to just only have the EU servers of Cloudflare handling the requests…
You are probably looking for this:
You are probably also interested in this:
You should talk to your own lawyers though. The main GDPR issue with Cloudflare is that the log and other data is shipped outside the EU. Nothing in GDPR requires you to maintain a single unencrypted TLS connection from the user to a server located physically inside the EU, and that would not be practical in any case. You are required to ensure that you manage the users data appropriately, and have appropriate controls in place. Just keeping the data inside the EU is not enough for compliance if you have no controls (contractual or otherwise) in place.
Those were in Section 8 of the Support document I linked to in my reply, not realizing that the poster had already read that, but didn’t mention it.
Always good advice when there’s any concern regarding one’s website and GDPR.
This topic was automatically closed after 30 days. New replies are no longer allowed.