• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multi-framework
    • Security
    Frameworks
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    Languages
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Overview
    Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Blog
Cover image

Privacy Shield decision for our customers

gdprsecurityprivacycompliance
09 September, 2020
Joey Stanford
Joey Stanford
VP, Data Protection & Compliance

On July 28, in a ruling privacy experts had long predicted, the Court of Justice of the European Union in its Schrem II decision struck down the Privacy Shield framework. While the decision has forced many companies to rebuild their privacy policies on the fly, the more stringent policies adopted by Platform.sh to comply with international data protection regulations have kept it protected from the fallout of the Privacy Shield invalidation.

Privacy Shield is the data transfer mechanism that was supposed to provide legal protection to authorize transatlantic transfers of European users’ data. For years, companies relied on it to evade the exacting requirements of the EU General Data Protection Regulation (GDPR). The court ruled that companies relying on Privacy Shield were not to be afforded a grace period to bring their data protection policies into compliance with the Schrem II ruling, leaving these companies scrambling and their customers in confusion.

Platform.sh and its customers, however, have nothing to worry about. Recognizing the regulatory weaknesses of Privacy Shield, Platform.sh has instead relied on Standard Contractual Clauses (SCCs) issued by the European Commission to permit the transfer of personal data to processors outside of the EU. In its Schrem II ruling, the court affirmed that SCCs remain a valid mechanism.

All our customer data is protected by SCCs. Platform.sh has executed SCCs with our cloud providers, including AWS, GCP, Azure, OVH, and Orange. We’ve also undertaken a review of our other suppliers; none of them rely on Privacy Shield.

In addition, we’ve taken measures such as encryption in transit and encryption at rest to further protect our customer data. We are also audited by a third party and hold SOC 2 Type 2 and PCI DSS Level 1 certifications.

If you have any questions about our data privacy policies, please visit our Security and Compliance page.

Get the latest Platform.sh news and resources
Subscribe

Related Content

Proudly announcing Platform.sh's participation in the Data Privacy Framework (DPF)

Proudly announcing Platform.sh's participation in the Data Privacy Framework (DPF)

Company
AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
  •  
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺