To embed, copy and paste the code into your website or blog: Risks of non-compliance with the GDPR keep increasing with data protection authorities (DPAs) now ordering suspension of transfers of personal data to the U.S. In March, the Bavarian DPA found there was an unlawful transfer of personal data from a German controller to the e-mail marketing service Mailchimp in the U.S. A month later, the Portuguese DPA ordered a public authority to suspend all transfers of personal data to the U.S. and other third countries within 12 hours. PORTUGUESE DECISION TO SUSPEND TRANSFERS TO CLOUDFLARE IN THE U.S.