GDPR/Data privacy Framework advice

Hi

I recently attempted to use Tadabase.io while consulting with a mid-sized client - however their much larger multi-national client would not approve the use of tadabase due to data PRIVACY uncertainty. This is NOT due to any actual concerns around the excellent data SECURITY tadabase have in place. It was more to do with the fact that the servers were based outside of EU and that tadabase had not (yet?) self-certified with the EU-US data privacy framework https://www.dataprivacyframework.gov/s/us-businesses.

Yes, it seems to be somewhat true that for EU based organisations you can use suppliers that host their data outside the EU. However to be legally compliant that supplier needs to self-certify to DPF or you need standard contractual clauses or Corp binding rules in order to transfer data from the EU to the US. Most small/medium sized businesses (SMB) don’t have the resources to deal with this.

I have a new SMB client that could really use tadabase to build a business management system which will hold client contact details. However this concern persists as the penalties for non compliance are huge.

I believe that tadabase will base your server in the EU but that is really only feasible for larger enterprise clients.

I can carry out the Data Privacy Impact Assessment (DPIA) myself as tadabase provide excellent info on their website and I am aware of the data that will be included in the system.

I know that other vendors of “similar” nocode database tools allow you to select EU based servers quite easily but honestly I believe the broader functionality of tadabase is a better long term solution.

I was wondering if any EU based user of tadabase has addressed this issue and if so how?

OR

Alternatively would you be interested in pooling resources to do so?

OR

Is there a legal data compliance expert you have worked with in this particular area that you can recommend?

Tks

Noel
