A data transfer is defined by the GDPR as processing taking place in a third country, or an international organization outside the European Union (art. 44).
In the event of a transfer, the GDPR requires:
- transparency about where data is transferred (art. 14.f);
- appropriate guarantees to ensure continued compliance with the GDPR alongside this transfer (chapter 5);
Piano Analytics offers the following guarantees:
- All its customers' audience measurement data is processed and stored within the European Union (see article 16 transfer outside the EU of our Personal Data Processing Agreement), thus guaranteeing no physical and active transfer of data.
- Appropriate technical measures, such as Pseudonymization and Anonymization, and data encryption.
- In the event of a hypothetical transfer, Piano has binding business rules (BCR - validated by the EDPB), as a viable transfer mechanism under the GDPR (art. 47): piano.io/bcr.