I was also wondering whether we could register for the OCHA instance then instead (we are a German-based NPO), as the servers are in Ireland which would eliminate the issue.
Thank you for your help and time!
All the best,
The best way for such compliance is to host it on your own servers, that’s what we are doing.
I have the same problem. I must host the server in the EU as funded by an EU grant. Is there a way to register for the Humanitarian server e.g. by paying for it if one doesn’t qualify for it?
Or can someone recommend a consultant who would be available to set up the server at my institution as University IT have been very unhelpful?
Welcome to the community, @niha1993, @fmeinck! Maybe, @tinok should be able to provide you with a suitable response.
Hi all, even though the non-humanitarian server (kf.kobotoolbox.org) is in the US, we still comply with the GDPR. If your organization requires you to use an EU-based server but you or your organization are not doing humanitarian work (or you don’t work for an EU-based organization that already runs its own KoBoToolbox server) then the only solution at the moment is to use a custom installation. We may set a new public one up in the EU if there is more demand for it. Please add your name and organization to this thread if this would be of interest to you.
Is there an official document available (link), please, for your full compliance with GDPR for each of the two accounts/servers?
Thanks in advance.
@wroos The best documents would be
I have the same question about GDPR compliance.
The data of KoBoToolbox is hosted in the USA on Amazon Web Services (thus not on Harvard University as mentioned in the author's question). See statement ref: Data Storage — KoBoToolbox documentation
When there is personal data collected, the KoBoToolbox solution is regretfully not EU GDPR compliant.
A solution would be to have a KoBoToolbox instance on an EU-based server if that is supported by the KoBoToolbox organisation (?)
Where can I find more information about a custom installation to be on an EU-based server?
Just in case this is helpful for anyone else. The IT and Data information system at Edinburgh University have advised me that using the non-humanitarian server, even if all storage is in the US, can be GDPR compliant as long as all the data are fully encrypted on this server - so can’t actually be seen. What matters, they say, is that the server on which you visualise the raw data is in the EU and adequately protected.
That said, an EU-based non-humanitarian server would be fabulous!