• Overview
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • Observability
    • Auto-scaling
    • Marketing Teams
    • Retail
    • Higher Education
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Contact
  • Login
  • Free Trial
Cover image

Platform.sh and customers shielded from Privacy Shield decision

September 09, 2020
Joey Stanford
Joey Stanford
Security, Compliance and Data Protection Officer

On July 28, in a ruling privacy experts had long predicted, the Court of Justice of the European Union in its Schrem II decision struck down the Privacy Shield framework. While the decision has forced many companies to rebuild their privacy policies on the fly, the more stringent policies adopted by Platform.sh to comply with international data protection regulations have kept it protected from the fallout of the Privacy Shield invalidation.

Privacy Shield is the data transfer mechanism that was supposed to provide legal protection to authorize transatlantic transfers of European users’ data. For years, companies relied on it to evade the exacting requirements of the EU General Data Protection Regulation (GDPR). The court ruled that companies relying on Privacy Shield were not to be afforded a grace period to bring their data protection policies into compliance with the Schrem II ruling, leaving these companies scrambling and their customers in confusion.

Platform.sh and its customers, however, have nothing to worry about. Recognizing the regulatory weaknesses of Privacy Shield, Platform.sh has instead relied on Standard Contractual Clauses (SCCs) issued by the European Commission to permit the transfer of personal data to processors outside of the EU. In its Schrem II ruling, the court affirmed that SCCs remain a valid mechanism.

All our customer data is protected by SCCs. Platform.sh has executed SCCs with our cloud providers, including AWS, GCP, Azure, OVH, and Orange. We’ve also undertaken a review of our other suppliers; none of them rely on Privacy Shield.

In addition, we’ve taken measures such as encryption in transit and encryption at rest to further protect our customer data. We are also audited by a third party and hold SOC 2 Type 2 and PCI DSS Level 1 certifications.

If you have any questions about our data privacy policies, please visit our Security and Compliance page.

Get the latest Platform.sh news and resources

Related Content

Don’t be held to ransom: Security awareness with Platform.sh

Don’t be held to ransom: Security awareness with Platform.sh

AboutSecurity and complianceTrust CenterBoard and investorsCareersPressContact us
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceManage your cookie preferencesReport a security issue
© 2023 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺