The label differentiates between data which is stored inside the European Union (EU) and outside the EU. We do this, because we believe it’s important for you to know whether your data is protected by the GDPR and other European law. 

‌This does not mean all data which is stored outside the EU isn't safe. However, there might be some risks. For instance, in some countries outside the EU, authorities might have access to all data, or storage possibilities might not be as safe as you hope.

‌Fun fact: even if data from European citizens is stored outside the EU, it still has some extra protections. For example, European citizens should always be able to have access to their data, and have the right to fix any mistakes in the data.

Processing vs Storage

Anything you do with personal data is called processing. You can think of collecting or storing data. Updating, arranging, deleting, distributing or other forms of making available are also processing operations. An example of processing is receiving of application forms and CVs from new employees. Anonymising personal data is also a processing, because it is a form of erasing or destroying personal data.

What we mean by "Europe"

Legally speaking, there are a number that feel like they aren't part of Europe, but that offer similar high levels of protection because they have signed agreements with the European Union. For example, Japan offers the full range of protection to European citizens. This means that if a label states your data is only processed in the EU, it could theoretically mean some data is processed in Japan. 

‌Countries that offer the highest level of legal protection for your data are:

  • The Netherlands
  • Belgium