How Cloudflare helps address data protection and locality obligations in Europe

We recognize that data protection in Europe presents unique challenges. Some of these challenges stem from the European Union’s General Data Protection Regulation (GDPR) and the Court of Justice of the European Union’s decision in the “Schrems II” case (Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems) — the latter of which resulted in further requirements for companies that transfer personal data outside the EU. In addition, a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.

As such, Cloudflare’s Internet platform is built to support Europe’s most privacy-conscious and regulated industries, including financial services, the public sector, energy, utilities, retail, gaming, and healthcare. At Cloudflare, we build our products to meet the highest standards of security and user privacy, and we partner closely with each of our European customers to help them meet data protection obligations associated with their specific location and industry segment. We accomplish this through a variety of avenues, including:

• Our overarching corporate commitment to privacy
• Maintaining global and European security certifications
• Maintaining GDPR-compliant data transfer mechanisms
• Offering product features which support data localisation