Glossary

Data Residency

The geographic location where personal data is stored and processed. For EU whistleblowing channels, EU-only data residency is strongly preferred because it avoids GDPR Chapter V transfer complications, aligns with national whistleblower laws like Loi Sapin II, and simplifies the Article 6 legal-basis analysis. Confidly hosts all data in EU data centres.

Full definition

Data residency refers to the physical and legal jurisdiction in which data lives. For EU whistleblowing channels, EU-only data residency is strongly preferred (and in some sectors required) for three reasons: (1) it avoids the GDPR Chapter V complications of third-country transfers, since Schrems II invalidated Privacy Shield and the EU-US Data Privacy Framework remains contested; (2) national whistleblower laws (e.g., France's Loi Sapin II) often have strong territorial preferences; (3) it simplifies the legal-basis analysis under GDPR Article 6. Confidly hosts all data in EU data centres with no third-country transfers.

Related terms

• GDPR Regulation (EU) 2016/679, the General Data Protection Regulation, governs processing of personal data of EU residents. Whistleblowing channels process personal data of the reporter, the person reported on, and third parties named in the report. Key articles: Art. 6 (legal basis), Art. 5 (minimisation), Art. 9 (special categories), Art. 17 (erasure), and Art. 30 (records).
• Schrems II The 2020 CJEU judgment (Case C-311/18) that invalidated the EU-US Privacy Shield and tightened third-country transfer rules. EU exporters must verify case-by-case whether the destination country provides essentially equivalent protection to EU data-protection law. The practical consequence for whistleblowing platforms: EU hosting is the safe path. The successor EU-US Data Privacy Framework faces ongoing legal challenges.

Read more

• /trust