Below are answers to the most frequently asked questions about our GDPR compliance given that we store data on US servers outside the EEA (European Economic Area), how the Schrems II decision, including the US-EU Privacy Shield, impacts us, and whether we plan to store data in EU datacenters.
Is FogBugz GDPR compliant?
There is no stamp of GDPR compliance that companies can get.
Our company currently processes personal data lawfully in accordance with the Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) and the General Data Protection Regulation (GDPR).
Storing FogBugz Data on US servers
No Plans to Store FogBugz Data in the EU
Currently, we have no plans on the roadmap to host the FogBugz cloud in the EU. If needed, you can switch to FogBugz On-Premises to get around this. However, if you're using Kiln, please note that Kiln is not available for On-Premises.
GDPR - Schrems II
GDPR Schrems II refers to the "Schrems II decision" of the Court of Justice of the EU, which also relates to the US-EU Privacy Shield.
We are monitoring the development and will update our documentation and processes as required.
If FogBugz is GDPR compliant, why isn't it HIPAA compliant?
GDPR focuses on protecting EU citizens' PII data. HIPAA focuses on PHI data within the United States.
GDPR also addresses “sensitive personal data” such as racial or ethnic origin and religion. HIPAA, in contrast, is limited to PHI alone.
GDPR gives data subjects — anyone whose personal data is being collected, processed, or stored — specific rights that differ from HIPAA.