Hi cyberdave,
Thank you for the answer. I don’t think it’s realistic for users to check all your sub-processor’s GDPR compliance status, especially since Webflow updates this list from time to time. I do think it’s Webflow’s obligation to make sure it is fully GDPR compliant.
Working with clients from the EU it’s crucial to know whether Webflow is fully compliant.
The question raised by Daniel and others on the forum was not about some local restrictions it’s actually about Webflow’s GDPR compliance.
The question was asked several times on the forum but was never answered. Here are some more examples:
Christoph_Schober: “And are there plans for the jQuery third Party request? Actually we are forced to use this third party cdn. … this is legal topic not a feature request for the wishlist or a personal wish. jquery.com gets Visitors IP’s and i have no chance to prevent that. Also there is no information on jquery foundation site if and how they use the data. So please don’t let the whole thing leak on this little last topic.” (How Webflow handles visitor traffic and form submissions for published websites - #7 by callmevlad)
Sebastian Fiedler:
“To comply with EU-GDPR, those responsible for running a website hosted on webflow have to make sure that any third party that may come in contact with personal data (and according to the ECJ, this includes IP addresses as well) have a DPA in effect with the website owner. Webflow already offers such a DPA. So do Google and Cloudflare, but jQuery.com for example does not.” (Disable Google Fonts / serve jQuery and other | Webflow Wishlist)
How can we sell webflow hosting to the EU clients if we can’t answer the basic question - Is it fully GDPR compliant?
It seems that since Webflow is a US based company the issue of the GDPR is not taken as seriously as here in Europe. But keep in mind that the GDPR not only applies to organisations located within the EU but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The fines are just huge, and we can’t simply ignore such a crucial question.
Thank you for your help.