Dear community,
I'm seeking your help on this critical matter:
My client is in Europe, it is a GDPR breach if their data leaves Europe, does Airtable has storage in Europe? My client needs to upload videos to our tables. The attachment bucket seems to be a S3 bucket in the US. Do you have a quick workaround for this matter? Happy to provide our own data storage on S3 which is in Europe.
If we don't resolve this we have no choice but to move away from lovely Airtable :((
Thanks
Hey Alan 👋
Read the following on GDPR at Airtable, there's a contact email listed if you'd like to ask further questions.
Airtable has an office in London now, so let's hope they will get full GDPR compliant in the near future.
Airtable has an office in London now, so let's hope they will get full GDPR compliant in the near future.
The location of their office in the UK is irrelevant to GDPR compliance, nor does it signal such a possibility. They also have other offshore [sales] offices but no plans to co-locate data in these countries.
>>> Happy to provide our own data storage on S3 which is in Europe.
This won't magically achieve GDPR compliance because all the other data is off-shore and outside Europe.
>>> Happy to provide our own data storage on S3 which is in Europe.
This won't magically achieve GDPR compliance because all the other data is off-shore and outside Europe.
I appreciate your response, the 'other' data is not identifiable.
The location of their office in the UK is irrelevant to GDPR compliance, nor does it signal such a possibility. They also have other offshore [sales] offices but no plans to co-locate data in these countries.
Correct, depends on the functionality the office seeks. I hope would not be only sales.
Hey Alan 👋
Read the following on GDPR at Airtable, there's a contact email listed if you'd like to ask further questions.
Will try to reach out to the privacy team. Thanks for the link.
I appreciate your response, the 'other' data is not identifiable.
>>> ... the 'other' data is not identifiable.
And that somehow makes it not subject to GDPR despite the linkage between other fields in the record and the attachment documents?
It's my understanding that any data that is formulated in a manner such that it references identifiable data, makes all of the data "identifiable". Since the records themselves include a link to the attachments, I'm almost certain it matters not that the attachment is stored inside EU boundaries; data stored outside the EU provides the gateway and seamless rendering of data stored inside the EU. You should check with legal counsel on this point.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.