Back

GDPR and the US: Can you trust American tech with your data?

28 October 2025

Understanding what GDPR really means when your data crosses the Atlantic

When you think of GDPR, your mind probably jumps to endless cookie pop-ups. But the regulation goes much deeper—especially when it comes to where your data ends up. One of the big questions in the world of computer science and data protection is: Can UK or EU-based organisations legally use US-based services like Google under GDPR?

The answer isn’t as clear-cut as you might hope.

What does GDPR actually say about US data transfers?

GDPR doesn’t flat-out ban sending data to the US—but it insists that your personal information must be treated with the same level of protection as it would receive within the EU. That was once straightforward thanks to the Privacy Shield agreement, until it was invalidated by the European courts over concerns about US surveillance laws.

Enter the EU-US Data Privacy Framework. It sounds secure, but participation is voluntary for US companies. If a business is certified under this framework, data transfers are allowed without jumping through too many legal hoops.

What does compliance really look like?

Here’s where it gets tricky. Just because a US company is able to receive your data doesn’t mean it automatically follows GDPR. UK and EU organisations must still carry out due diligence:

Are they only transferring data to certified companies?
Have they signed Standard Contractual Clauses (SCCs)?
Have they assessed the risk of US surveillance laws applying?

Failing to do any of these could land an organisation in hot water with the ICO.

The hidden risks you can’t see

Even more concerning, if a company has handed over your data to the US government, they’re legally not allowed to tell you. Gag orders mean you could be unaware that your information has already been shared. That’s why GDPR isn’t based on trust—it demands verifiable protection.

So, can you use Google and still be GDPR-compliant? Yes—but only if both Google and your organisation have taken all the right steps. If not, you could be unknowingly breaching GDPR.

Want to know more? Check out The Lesson Hacker’s YouTube video –

For more Lesson Hacker Videos, check out the Craig’n’Dave YouTube playlist HERE.

Be sure to visit our website for more insights into the world of technology and the best teaching resources for computer science and business studies.

Stay informed, stay curious!

What is Endianness?

Welcome to the quirky world of endianness — a classic computing debate that’s as petty as indenting code with tabs versus spaces or whether ketchup belongs in the fridge.

15 January 2026

Does anyone still use low-level code?

Low-level programming isn’t dead — it quietly powers the devices we rely on every day, from cars to toasters. If you love digging into game engines, compilers, or hardware drivers, your skills are more essential than ever.

14 January 2026

Should AI have morals?

Should AI always agree with us, or tell us when we’re wrong? We explore whether artificial intelligence should be kind, or correct — and why the answer really matters.

13 January 2026

What is vibe coding? Is it the future of programming?

Vibe coding lets you tell an AI what you want in plain English—and it writes the code for you. But is it genius productivity or just a confident intern with a wild imagination?

12 January 2026

Trinket is shutting down in June 2026

Time2Code uses Trinket as its online IDE for Python. Unfortunately, that service is shutting down later this year, probably in […]

9 January 2026

What does a GPU actually do?

A GPU isn’t just a graphics chip—it’s like a room full of toddlers with crayons, all scribbling at once to bring your game to life. While CPUs think carefully, GPUs colour fast.

Fail safeguarding if phone used in school?

Should schools fail an Ofsted safeguarding inspection because of mobile phones? We dig into the headlines claiming schools should fail Ofsted if pupils are seen using phones.

Should beginners use AI to code?

Should beginners use AI to help them code? It might seem like a shortcut—but relying on it too soon could stop you learning the skills you actually need.

8 January 2026

Is the Online Safety Act protecting us, or going too far?

The UK’s new Online Safety Act aims to protect young people online, but its sweeping measures are raising big questions about privacy, freedom, and access to information. Is it safeguarding the vulnerable, or simply going too far?

7 January 2026

Looking for something else?

Have any questions?

Visit our Helpdesk to get answers!

Visit page

Explore our full range of Study Tools

Visit page

Back

Why Should I Care About GDPR?

Because Your Data Isn’t a Game of Pass-the-Parcel

30 September 2025

Let’s face it, GDPR doesn’t sound like the most thrilling topic. But if you’ve ever wondered what happens to your personal information after you sign up to a website or click “I accept” on a cookie banner, the General Data Protection Regulation might just be your new best friend.

Introduced by the EU, GDPR is essentially a set of rules telling companies: stop hoarding user data like dragons with a spreadsheet addiction. It gives you rights—real, enforceable rights—over your personal information.

What does GDPR actually do for you?

Right to be forgotten – You can ask a company to delete your data.
Right of access – You can find out exactly what information a company holds on you (even if it’s just confirming your weakness for online sales).
Right to know about breaches – If your data leaks, they have to tell you. No more shady silence while your details end up in the wrong hands.

And if they don’t play by the rules?

Companies face serious fines—we’re talking €20 million or 4% of their annual global turnover, whichever is higher. That’s not something you can brush off with a few coins from under a billionaire’s sofa cushion.

But what about those annoying cookie pop-ups?

Yes, those are part of GDPR too. Unfortunately, some companies make rejecting tracking more complicated than assembling flat-pack furniture. It’s compliance—just not the user-friendly kind.

And here’s a curveball: if a government demands your data, companies might not be allowed to tell you. That’s where confidentiality notices come in—forcing silence and keeping you in the dark.

So… should you care?

Absolutely. GDPR gives you power in a world where data is currency. If you want even a sliver of control over how your personal details are used, GDPR is a pretty big deal.

🎥 Want to dive deeper? Watch the full video on our YouTube channel, where the Craig’n’Dave Lesson Hacker breaks it down.

🌐 Looking for more computer science content? Explore our resources at Craig’n’Dave.