> Data transfer outside the EU When personal data is transferred outside the EU, the protection offered by the GDPR should travel with the data. This means that if you export data abroad, your company must ensure one of the following measures are adhered to: a) The non-EU country's protections are deemed adequate by the EU. b) Your company takes the necessary measures to provide appropriate safeguards, such as including specific clauses in the agreed contract with the non-European importer of the personal data. c) Your company relies on specific grounds for the transfer (derogations) such as the consent of the individual.

According to https://www.cnil.fr/en/data-protection-around-the-world (if you click on the map on the USA):

> Data protection level : Authority and law(s). This country doesn't ensure an adequate level of data protection recognized by EU. Data transfers to this country require the use of transfer tools. This country has a data protection law and an independant data protection authority accredited at the international conference of data protection and privacy commissionners.

Q: 1. What are these "transfer tools"?

2. I'm planning to deploy my Saas (customers mainly from EU and US). I'm in Europe, so because of the great GDPR, I guess my only option is to host all my customer's data (EU and US) in european servers (I say "all", because to start with I want to keep infrastructure "simple": just one master database)... now the thing is latency for US customers. I've read that latency will be at least ~90ms. If you were one of my US customers, would you accept at least ~90ms of latency while using my Saas? (assuming you like all the features it provides and the price is attractive ofc).