The GDPR does not require that EU residents’ personal data should stay in the EU, nor does it place any new restrictions on transfer of personal data outside the EU. The GDPR only mandates that such transfers be legitimized through any of the mechanisms provided in the regulation. However, we have strict encryption protocols in place for data in transit and data at rest.