Yes, it is too silent for too long for users that really need to guarantee clients to comply to the GDPR.
I know, it is a hassle (to say the least), especially when using multiple systems and serve websites around the world.
In my previous post about Zapier, there are some great ways to sign a data-processing contract.
Even a better example is Moneybird (https://www.moneybird.com/)
In this online accounting tool, you can view all versions of these dataprocessing agreements within the tool itself. It could be THE answer most (European) Webflow users are looking for and could be signed by the Webflow User (Dataprocessor) as well as the client it self.
(in Dutch, but you can see the versions, dates when they were signed - super simple, yet effective)
Another great part about Moneybird is their transparency about all the sub-processors they use.
On their (Dutch) GDPR (AVG) page you can cleary see all and their status:
Check out all on https://www.moneybird.nl/partners/
With transparency and a data-processing-agreement (and the ability to search, edit and delete personal data), most major things of the GDPR are sorted.
Both Zapier and Moneybird have clearly written about the location of the data, and that it is possible that data gets stored and/or processed around the world (CDN, Google, etc.) But if data-processing-agreements are signed with all of the processors, then everybody should be save and sound.
EDIT: However, storing all (personal)data within the EU is something that most companies do want and in extreme cases, it is simply a must-have. The Privacy Shield active in America is a good start, but if i’m correct, it still has the power to confiscate all data and keep/use it in the United States, even if it’s personal-data from EU-customers.