Blog > Inventory Alarm and the Privacy Shield
11 december 2020 - last updated 14 februari 2022 - klik hier voor de Nederlandse versie
On July 16, 2020, the EU-US privacy shield was declared invalid. Since then I have been working on this for Inventory Alarm. In this article, you can read which steps have already been taken, what the status is at the moment and which follow-up steps you can expect.
Background
In terms of technology, features, support and much more, US based services have a fantastic offering and I have a lot of experience with them. Nevertheless, in view of these kinds of legal developments, it is (unfortunately) wise to take a closer look at this and to investigate whether there are no alternatives where you can be more sure that no GDPR rules are being violated.
If you set aside a moral and/or practical judgment about how bad or likely it is that US intelligence services would snoop around in your customer data, the legal GDPR reality remains that you as an entrepreneur have to do something with.
This article is a translation of the Dutch blog post that was published earlier. There has been a lot of news coverage about the invalidation of the EU-US privacy shield.
The (Dutch) Data Driven Marketing Association has a clear roadmap with which steps to take (in dutch)
It means, that this privacy shield is no longer a valid basis to transfer personal data to the US.
As a result, Inventory Alarm is moving from SendGrid to Rapidmail.
Which steps have already been taken for Inventory Alarm?
With the DDMA step-by-step plan in hand, the following steps have already been taken:
“1. Make a list of who receives data”
In the privacy statement of Inventory Alarm and the privacy statement of the dashboard these are listed under Sharing personal data with third parties.
“2. Check which receiving parties process data outside the EU”
This information can be found in the two privacy statements as well.
There is one receiving party that processes personal data outside the EU:
SendGrid
In short, SendGrid has no plans for EU servers.
Since October 10, 2020, all low stock emails are sent via Rapidmail.com, an email provider from Germany, fully hosted in Germany and therefore with all data storage in the EU .
The experiences with Rapidmail over the past month are very positive. An additional advantage is that Rapidmail appears to have a higher delivery percentage than Sendgrid!
After an extensive test, with one of our largest customers, the switch was made. For all new customers since October 10, Rapidmail is now used for email subscriptions and back-in-stock emails. Existing customers who have not yet set up domain validation will automatically switch to Rapidmail as soon as they complete domain validation.
We will also be inviting customers who have already set up domain validation at Sendgrid to switch.
“3. Where possible, opt for data storage within the EU”
As mentioned in this blog post, SendGrid is being phased out and using Rapidmail.
An interesting, long list of EU alternatives can be found at Sales Loves Marketing. This list can also contain interesting information for your own e-mail marketing.
The Inventory Alarm web application and database is hosted at Microsoft Azure, Region: West Europe. This data center is located in Netherlands (EU). The web hosting service is purchased from Microsoft Ireland Operations Ltd, an independent subsidiary of Microsoft, based in Ireland (EU).
In the privacy statement of Inventory Alarm and the privacy statement of the dashboard the information about Microsoft now updated. This information about Microsoft provides sufficient guarantees that the data does not end up in the hands of authorities in non-EU countries such as the US.
Finally, an analytics tip: if you are looking for EU-based website analytics that value privacy, I can recommend these two: Plausible.io (Germany) and Simpleanalytics .com (Netherlands). For the inventoryalarm.com website you are currently viewing, I also use Simpleanalytics.com myself. The Inventory Alarm Dashboard does not use analytics.
“4. Inform those involved”
The first step in this was to adjust previously linked privacy statements. Subsequently, this blog post was written to inform you about the process and the status.
Inventory Alarm integrates with Lightspeed eCom. That is why I also asked Lightspeed, through the partner manager, to keep each other informed about this. On the community forum, a post (Dutch) has already been written about this by a Lightspeed eCom customer, including a response from Lightspeed.
“5. Follow updates from Data protection authorities”
The website of the Dutch Data Protection Authority has the latest news items on the homepage, as well as an article about Schrems II (Dutch). Furthermore, through a number of online communities I am in contact with other online entrepreneurs and lawyers who keep a close eye on this.
Next steps
Finally, I will continue to actively monitor this. Depending on the developments, this blog post will be updated.
Written by Jeroen
@jeroenbai
