All US providers can no longer handle personal data under the GDPR

Since the Schrems II ruling came into force, many companies that send out their digital communications via American suppliers have faced a tough dilemma. The GDPR states that transfers of personal data to a country outside the EU can only take place if the receiving country can guarantee a high level of protection for the data. What continues to be discovered is the fact that all US suppliers are judged not to be able to comply with the GDPR to 100% and thus can not handle personal data in a secure way. This means that companies that send newsletters via US suppliers risk violating the Personal Data Regulation GDPR. 

Skapa förtroende e-postmarknadsföring

Vitamin Well switches to Rule for more secure handling of personal data

We have been able to see a new wave where more and more companies are switching from American suppliers to European ones because they want to guarantee the secure handling of their customer data. Mainly companies operating in industries that previously thought they were less affected by the problem, such as e-retailers. One of these companies is Vitamin Well, which previously used an American supplier but has now switched to Rule.

Vitamin Well is a Swedish company that produces, markets and sells vitamin drinks. They also have a number of well-known subsidiaries such as Barebells and Nocco, which means that they have a large customer base with a lot of personal information. Now that they have switched to a Swedish supplier, they can guarantee that their customers’ personal data is handled in accordance with the GDPR. Thus, they can secure the integrity of customers, which was the primary reason why they changed systems.

“When our lawyers told us that we could no longer use an American supplier, we started looking for a European one. The most important thing for us was to find a flexible and user-friendly system that handles customer data in full compliance with the GDPR in order to protect the privacy of our customers. And the choice fell on Rule “

-Vitamin Well

vitamin well, gdpr

Rule offers external advice within the GDPR and increased security of data storage

Security of personal data is a very important issue for us. Based on that position, we have initiated several partnerships with experts in GDPR to help our customers manage their customer data correctly. For our enterprise customers, we also offer the opportunity for increased security with Microsoft. You can now create an account in Rule with Microsoft work accounts that can be managed via, for example, Azure Active Directory (Azure AD) which is a cloud-based identity service in Microsoft. The service offers smooth login and multifactor authentication that helps you protect your users from 99,9 procent of cyber security attacks. Contact us to learn more about Azure AD.

Are you (un) knowingly violating the GDPR?

The problem with American companies is that they’re primarily subject to US law. EU-based companies using data servers in the United States are also affected by US national security laws. If you use a US newsletter service to communicate with your customers, you have probably imported contact lists with personal information on them, into the system. In doing so, you have not only risked customers’ privacy and the security of personal information. It also means that you have violated the GDPR.

gdpr, vitamin well, schrems 2

This happens if you violate the GDPR

So what really happens if you jeopardize the security of personal data and violate the GDPR? The penalty fee for companies that violate the Data Protection Regulation GDPR is up to EUR 20 million or four percent of a company’s global annual turnover. Therefore, it can be smart to review the vendors you work with, which involve data transfers to the US, and ask yourself if your existing solution really is the most secure. Otherwise, maybe think about the choice to switch to a provider that keeps your data safe within the EU – and thus removes the risks of a potential verdict.

How to know if your supplier complies with the GDPR

To begin with, it can be expected that no American communication service providers handle customer data according to GDPR today due to what has been mentioned earlier. To ensure that your existing or future supplier handles personal data in accordance with the GDPR, you should ask to read their GDPR agreement. We at Rule have our GDPR agreement with all information about how we handle personal data in our footer so that our customers can easily take part in it. You can read it here.

When you choose Rule as a complete solution for your data management and communication, you do not need to spend time and resources to ensure approved data storage. You can feel completely confident that it is managed according to the regulations, via Rule.

Do you want to change to a Swedish supplier or do you have any questions related to GDPR, Schrems II or Rules data management? Contact us!

Share this article

Drive engagement and growth through smart communication

gdpr mailutskick

Reminder GDPR emails: How to follow the rules

More than half of all emails sent globally are some form of marketing. It’s thus a huge market that has previously been largely unregulated. E-mail ...
Read More
5 bra marknadsföringstips

5 eggcellent Easter marketing tips

We are heading towards brighter times and Easter is approaching. Therefore, it’s time to start planning for a colorful Easter campaign. Easter is a perfect ...
Read More
BF 2

Successful email marketing during Black Friday

For retailers, Black Friday is one of, if not the biggest sales event of the year. There is a possibility to compensate for lost revenue ...
Read More

Explore Rule Free, without even having to register a debit card.

Discover how you, with the help of Rule and smart communication, can drive growth through increased engagement. 


  • Pre-made templates and free emails
  • Try our features in your own pace
  • No lock-in period or hidden extra fees

Get a personal demo of Rule

Discover how you can increase digital engagement and growth in a personal demo of our platform.