I was also wondering whether we could register for the OCHA instance then instead (we are a German-based NPO), as the servers are in Ireland which would eliminate the issue.
Hi all, even though the non-humanitarian server (kf.kobotoolbox.org) is in the US, we still comply with the GDRP. If your organization requires you to use an EU-based server but you or your organization are not doing humanitarian work (or you don’t work for an EU-based organization that already runs its own KoBoToolbox server) then the only solution at the moment is to use a custom installation. We may set a new public one up in the EU if there is more demand for it. Please add your name and organization to this thread if this would be of interest to you.
Just in case this is helpful for anyone else. The IT and Data information system at Edinburgh University have advised me that using the non-humanitarian server, even if all storage is in the US, can be GDPR compliant as long as all the data are fully encrypted on this server - so can’t actually be seen. What matters, they say, is that the server on which you visualise the raw data is in the EU and adequately protected.
That said, a EU based non-humanitarian server would be fabulous!