
Ask HN: Regarding GDPR and 3rd party database hosting providers - thepumpkin1979
I maintain several apps that depend on database hosted by a 3rd party provider (Heroku PG, RDS, Compose, etc), is there anything special that should be documented besides how the information comes from the signup web UI and flows into the database hosted in a third party provider&#x2F;controller? Also, if I hold signup information and IP addresses of EU citizens in such databases in a North America region, do I need to move it to an EU region?
======
termsfeed
You don't need to move data to an EU region, but you should disclose that data
is moved internationally (ie. outside the EU). This is generally done through
a "Transfer of Data" clause that looks like this:

[https://termsfeed.com/blog/wp-
content/uploads/2018/03/adobe-...](https://termsfeed.com/blog/wp-
content/uploads/2018/03/adobe-privacy-policy-storing-securing-transferring-
personal-information-clauses.jpg)

An example of consent from VSCO app for EU users to agree that data will be
transferred outside the EU:

[https://termsfeed.com/blog/wp-
content/uploads/2017/10/vsco-e...](https://termsfeed.com/blog/wp-
content/uploads/2017/10/vsco-eu-consent-outside-eu-transfer-clickwrap-box-
unchecked.jpg)

