Ensuring GDPR Compliance for Serverless Functions and Database

Hello Fly Community,

I am using Fly to host serverless functions and a sqlLite database for my application, hosted in Paris. As we are committed to adhering to GDPR standards, which is in our case a highly sensitive requirement.
I need to make sure the data lives and stays in Europe.

  1. Serverless Functions Deployment:
  • How can I ensure that my serverless functions are exclusively running in EU-based regions, specifically Paris (CDG)?
  • Is there a way to restrict function deployment and execution to only EU regions to comply with GDPR data residency requirements?
  1. Database Residency and Transfers:
  • I need to confirm that my database is located in Paris (CDG). How can I verify this?
  • Does fly transfer data between regions or outside the EU for serverless functions or databases? If so, what controls are available to restrict this?
  1. Data Protection and Compliance:
  • What measures are in place to ensure the protection of data, especially for serverless functions that might be deployed at various edge locations?
  • Can you provide any documentation or certifications regarding Fly’s adherence to GDPR, particularly concerning data residency and cross-border data transfers?
    I think there is a GDRP compliance we can sign, but this is for account personnal information not related to our servers isn’t it ?
  1. Handling Dynamic Edge Deployments:
  • Given the nature of edge computing and serverless architecture, how does Fly handle data residency compliance when functions might be dynamically deployed across various regions?

Understanding the specifics of how data residency and transfers are managed in a serverless and edge computing environment is crucial for our GDPR compliance strategy. Any detailed information, advice, or documentation you can offer would be greatly appreciated.

Thank you for your support.

Best regards,

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.