First international customer, how to handle privacy

A German or Belgian customer still falls under GDPR and is straightforward. Outside the EU it gets more complex: Standard Contractual Clauses come in and you have to know where data lives.

Try this first

  1. Determine whether the customer is inside or outside the EU; that changes the legal basis for data transfer entirely.
  2. Update your privacy statement so it is clear that for some customers you process data outside the EU; otherwise you are not transparent under GDPR art. 13.
  3. For processing outside the EU, use Standard Contractual Clauses from the European Commission, attached to the data-processing agreement.
  4. Ask SaaS suppliers where data physically lives, and prefer EU regions for customers with privacy requirements.
  5. Maintain a simple processing register per GDPR art. 30, which is also useful for SMB companies to show customers.
  6. When in doubt about a specific customer or country, ask a privacy lawyer, since mistakes can cost customers regardless of fines.

When to bring us in

For customers in countries with separate privacy regimes, like US companies with EU data, or UK customers post-Brexit, bring in a privacy lawyer. Vectel can fix the tooling and data-location side.

Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.