The European Union (EU) and the United States of America (USA) have set up a mechanism to comply with data protection requirements when transferring personal data from the EU to the USA.
Under the GDPR the EU doesn’t allow the transfer of data on its citizens to a country outside the EU unless the country has adequate data privacy laws. When you use companies like Google, Dropbox, Amazon Web Services, etc you might store your privacy related data in the cloud, which could easily be outside the EU. As the "adequate" part is not defined (well, or even not at all), organizations should better check the EU-US Privacy Shield.
- Check if your processors are listed, and if the data you share with them is covered: https://www.privacyshield.gov/list
