> 1. Since 2020, it's illegal to send PII (personally identifiable) data to the US because of the removal of the Privacy Shield Framework [2]
Minor nit - "PII" really isn't the right term to use, because it suggests the info itself must be personally identifiable to an individual. The GDPR covers much more than this, and uses the term "Personal Data".
Minor nit - "PII" really isn't the right term to use, because it suggests the info itself must be personally identifiable to an individual. The GDPR covers much more than this, and uses the term "Personal Data".