Question
How can data be transferred for processing to other parties in potentially different jurisdictions while staying in compliance with legal and regulatory requirements?
Context
Modern SaaS applications are often composed from multiple APIs. For example, an online store may focus its own application logic on its specific product catalogue, but will often outsource standard functions such as user sign-on, sign-in, email notifications, billing, etc. to third-party providers. This third-party functionality is typically exposed through an API and forms part of the business offering in an API economy. Because each such call hands personal data to another party, possibly hosted in a different jurisdiction, every outsourced function is also a data transfer that must have a lawful basis.
Solution
Several laws and regulations build mechanisms for compliant cross-border data transfer directly into their text. For example, the EU GDPR (Article 46) permits transfer of personal data to processors in third countries subject to appropriate safeguards, one of which is the use of the standard contractual clauses (also called "model clauses") adopted by the European Commission. In practice this means the data exporter and each third-party API provider that will process personal data execute these clauses before any data flows, and the clauses' obligations must be passed on to any sub-processors the provider uses.
References
Data transfer outside Europe - ec.europa.eu
Model contract for transferring data to third countries outside Europe - ec.europa.eu