FREQUENTLY ASKED QUESTIONS
Q. What is data transfer under GDPR?
A. The GDPR imposes limits on transferring personal data from residents of an EU member country to another country. In general, those limits do not apply if the other country has been deemed to offer “adequate” privacy protections, or if another legal protection (like Standard Contractual Clauses) are in place. Since the United States does not have adequate privacy protections, Mixpanel relies on Standard Contractual Clauses for “data transfers.”
Q. How long can personal data be stored?
A. Personal data should only be stored as long it remains necessary for the purpose for which it is collected.
Q. Can you transfer data outside the EU?
A. Yes. Although the GDPR limits the transfer of personal data, it does not apply to data generally and it does not prohibit all transfers of personal data out Europe. Indeed, the GDPR includes mechanisms (such as Standard Contractual Clauses) for transferring personal data out of the EU.
Q. Does GDPR require data to be stored in EU?
A. No. The GDPR does not require personal data to be stored or processed in the EU, but it makes compliance with the GDPR easier if personal data is stored and processed in the EU.
Q. Can EU data be stored in the US?
A. It depends. If Standard Contractual Clauses are in place and you have gotten appropriate assurances regarding the security of the processing, personal data can be stored in the United States. However, certain EU regulators have taken a harder line approach and advised companies against storing personal data in the United States.
Q. What are standard contractual clauses GDPR?
A. Standard Contractual Clauses are contracts developed by the European Commission governing the transfer of personal data across national borders. They provide for a set of predetermined obligations and (in general) cannot be negotiated between the parties.
Have more questions? Please reach out to us at firstname.lastname@example.org or email@example.com.