Back

GDPR and the US: Can you trust American tech with your data?

28 October 2025

Understanding what GDPR really means when your data crosses the Atlantic

When you think of GDPR, your mind probably jumps to endless cookie pop-ups. But the regulation goes much deeper—especially when it comes to where your data ends up. One of the big questions in the world of computer science and data protection is: Can UK or EU-based organisations legally use US-based services like Google under GDPR?

The answer isn’t as clear-cut as you might hope.

What does GDPR actually say about US data transfers?

GDPR doesn’t flat-out ban sending data to the US—but it insists that your personal information must be treated with the same level of protection as it would receive within the EU. That was once straightforward thanks to the Privacy Shield agreement, until it was invalidated by the European courts over concerns about US surveillance laws.

Enter the EU-US Data Privacy Framework. It sounds secure, but participation is voluntary for US companies. If a business is certified under this framework, data transfers are allowed without jumping through too many legal hoops.

What does compliance really look like?

Here’s where it gets tricky. Just because a US company is able to receive your data doesn’t mean it automatically follows GDPR. UK and EU organisations must still carry out due diligence:

  • Are they only transferring data to certified companies?
  • Have they signed Standard Contractual Clauses (SCCs)?
  • Have they assessed the risk of US surveillance laws applying?

Failing to do any of these could land an organisation in hot water with the ICO.

The hidden risks you can’t see

Even more concerning, if a company has handed over your data to the US government, they’re legally not allowed to tell you. Gag orders mean you could be unaware that your information has already been shared. That’s why GDPR isn’t based on trust—it demands verifiable protection.

So, can you use Google and still be GDPR-compliant? Yes—but only if both Google and your organisation have taken all the right steps. If not, you could be unknowingly breaching GDPR.

Want to know more? Check out The Lesson Hacker’s YouTube video – 

For more Lesson Hacker Videos, check out the Craig’n’Dave YouTube playlist HERE.

Be sure to visit our website for more insights into the world of technology and the best teaching resources for computer science and business studies.

Stay informed, stay curious!

Related posts

What is a code pointer?

Demystifying stars, ampersands and memory mishaps. Pointers in programming can be baffling — all those stars and ampersands, but what do they actually mean?
We break down code pointers using sandwiches, and sticky notes, to make sense of it all.

When the cloud breaks: lessons for teachers from the AWS outage 

On a busy Monday morning, teachers across the UK found themselves staring at error messages instead of lesson plans, thanks […]

24 October 2025

Time2Code – update to 02-02 Largest number program

A lot of students are getting confused about the success criteria of the largest number program in level 2. The […]

23 October 2025

The hidden cost of non-specialist teaching in Computing

In secondary schools across the UK, a growing concern is emerging around the use of non-specialist teachers—particularly in computing. While […]

17 October 2025
Student in a library.

Smart Revise October 2025 update

Archived tasks no longer appear in a student’s task list It’s a fact, some students don’t complete their Smart Revise […]

11 October 2025

Beyond the classroom: Why networking matters for Computer Science teachers 

Staying siloed in the classroom can limit growth, especially in a fast-moving subject like Computer Science. Building external networks exposes new ideas, provides support, and helps teachers and departments thrive.

10 October 2025

Beyond the bookshelves: rethinking the role of secondary school libraries in 2025 

Secondary school libraries in 2025 shouldn’t just store books — they should inspire, collaborate, and engage students in new and exciting ways. It’s time to rethink the library as a dynamic learning hub, not a quiet relic.

3 October 2025

Why Should I Care About GDPR?

Understanding why GDPR matters. Take control of your data—before someone else does. GDPR isn’t just legal jargon—it’s your digital safety net. Find out how it protects your personal data and why you should care, even if you’re “just” browsing.

30 September 2025

How does blockchain work?

Blockchain may sound complicated, but it’s simply a decentralised digital ledger where everyone can see, but no one can change the records. Discover how this game-changing tech works.

Looking for something else?

Have any questions?

Visit our Helpdesk to get answers!

Visit page

Explore our full range of Study Tools

Visit page