encryption key

  • GDPR and transferring encrypted data outside of EU

    Recently, there has been discussion regarding whether or not it is GDPR-compliant to transfer encrypted data on applications based outside of the EU. An example of this is Dropbox, as they have US-based servers, therefore if personal data is transferred through the Dropbox system, then technically it has been transferred outside of EU jurisdiction and is no longer GDPR compliant.

    However, personal data sent in this format is usually encrypted and only the necessary individuals are given the encryption key to gain access to the data. So, in this instance, is the transference of the data compliant?

    Although, the data may have been transferred outside of the EU the encryption key is not stored on the Cloud servers, therefore there is no identifiable information from the provider. However, there is always a possible risk that a data breach will occur if an unauthorised source obtains the key by force.

Make a free enquiry, call now

0151 659 1070




Please let us know your name.



Please enter a valid telephone number



Please let us know your email address.



Please let us know your message.

Please tick the box below

Invalid Input

Invalid Input
I understand that by submitting my query to you, my personal data (name, email address and contact number) will be processed by you in order to contact me and assist me with my query. I confirm I have read and understood the Privacy Notice and I consent to you processing my data for the purpose of contacting me to assist me with my query.




How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Make a free enquiry - Call now - 0151 659 1070