Am 08.05.20 um 23:52 schrieb Bernd Petrovitsch:
I assume you are aware of https://en.wikipedia.org/wiki/CLOUD_Act so using software from (heavily) US-based companies implies that all data (controlled by said companies) will - sooner or later - end up in the databases of US-3-letter-organizations. So forget about GDPR compliance with such software providers.
Curiously, the linked wiki page says to the contrary, quote:
The CLOUD Act […] provides mechanisms for the companies or the courts to reject or challenge these [warrants by US-3-letter-organizations] if they believe the request violates the privacy rights of the foreign country the data is stored in.
-- peter
