Skip to main content

Article 3 min read

EU-US data transfers after Schrems II

By Shanti Ariker, SVP, General Counsel and Maarten Van Horenbeeck, SVP & Chief Information Security Officer

Last updated November 8, 2022

Here at Zendesk, we believe that trust is at the core of all our interactions with our customers. We recognize the importance of customer trust and of customers’ privacy and the security of their data. Global privacy regulations are evolving at a rapid pace and we are focused on providing the tools our customers need to enable compliance.

As a customer, it’s important to understand how vendors use and secure your data. That is why we strive to be transparent about Service Data processed by our products and services, whether there is an international transfer of data, and what risks are associated with the type of data or processing concerned.

Since the Schrems II decision in July of 2020, regarding the legality of transatlantic data transfers, we have taken the following steps to enable cross-border transfers of personal data in accordance with EU privacy requirements:

Binding corporate rules and Standard contractual clauses

We provide EU Binding Corporate Rules (“BCR”) for both Controller and Processor, considered the “gold standard” for international data transfers. BCRs are company-wide data protection policies that have been approved for data transfers by our Data Protection Authority. We provide a Data Processing Agreement (DPA), which incorporates our EU BCRs and the new June 2021 Standard Contractual Clauses (SCCs). Our DPA also provides additional safeguards to Annex II of the new DPA/SCCs and provides details on our system access controls, data access controls, transmission controls, and network architecture and security.

Transfer impact assessment guide

We also provide a Transfer Impact Assessment Guide to assist you with knowing your transfers and enabling you to complete the required case-by-case privacy impact assessment and analysis (upon request).

Transparency report

When it comes to government surveillance, we believe that law enforcement and national security agencies should engage customers first, rather than service providers. We have received very few law enforcement requests over the years, as detailed in our transparency report, which we update every six months. We have not and will not build any backdoors to allow government authorities to circumvent our security measures.


We regularly undergo self-assessment and independent, external testing and certification. Our security certifications from third-party auditors include SOC 2 Type II, ISO 27001:2013, and ISO 27018:2014.

Regional data hosting options

We also offer a way to store your data on a regional basis. You have the option to have your service data for select covered functionality hosted in the United States, European Economic Area (EEA), Japan (JP), or Australia (AU). A full description of which services can be hosted in your chosen region is located in our regional data hosting policy page.

Looking ahead: Zendesk’s roadmap for future trust features

In this rapidly changing regulatory environment, we are committing to building additional features to provide an enhanced level of protection for our customers.

During 2022, Zendesk is working on the following privacy and data protection features to support customers:

  • Bring your own key (BYOK) encryption that will give customers the ability to encrypt their service data using their own enterprise key management system

  • Data Center Location support for all Agent Workspace features

  • Improved data deletion, access control and auditing features on customer data

  • An offering to provide EU-only based customer support, to limit the location of customer advocates with access to your service data

Zendesk is committed to supporting our customers in navigating new data protection and privacy regulations. We are encouraged by the ongoing discussions between the European Commission and the United States government to build a new framework for Europeans’ personal data that is transferred to the United States.

Have questions? Please contact your Zendesk account executive or our privacy team at

For more information on our privacy and security program, please see the below resources:
Schrems II – Frequently Asked Questions (FAQ) guide
Data processing addendum with new SCCs
Regional data hosting policy
Transparency report
How we protect your service data
Information on U.S. Privacy Safeguards White Paper by the U.S. Dept. of Commerce

Related stories

3 min read

How UrbanStems delivers happier customers with Zendesk AI

With Zendesk AI in their corner, UrbanStems is streamlining their processes, improving customer satisfaction, and creating memorable moments during their busiest times of the year.

5 min read

Retail’s next frontier: Elevating customer experience with Zendesk AI

Discover how retail businesses are modernizing CX, delivering personalized services, and boosting efficiency and savings with Zendesk AI.

1 min read

Dispatch from the frontlines of critical customer service—with the International Rescue Committee’s Andre Heller

For World Refugee Day, we sat down with the IRC's Andre Heller to learn how his team uses Zendesk to scale their global response efforts.

2 min read

Early insights from our AI implementation journey—with Zendesk’s Steven Warfield

With AI transforming the world of CX, Zendesk’s VP of Customer Service shares how we’re navigating big changes for our own internal teams—and what excites him about the future.