I have been running a small instance of NextCloud for personal data organization and backup purposes. For friends and family, I happily offer them an account to get them off of OneDrive, Dropbox, Etc. I am from the US, and run my server in the US. I have friends and family in Europe, and have offered them accounts as well.
I didn’t think about it at first, but I recently considered whether or not GDPR applies in this case. I’ve been having a hard time finding a definitive answer by researching online. If anyone here has any idea, I’d appreciate any input!
This topic is confusing me as well and I can’t answer you your questions.
I just tried to find some answers on german websites and I read one clear statement, which I found interesting:
If you are a private person and provide a web service which is hosted by some web hoster (a company) then this company is a third party processing the user’s data. And you need to request an information about the data processing (storage, usage and all that stuff) from this web hosting company at least.
If you as well have to inform your users, where and what data is actually stored and how it is processed … I don’t know.
Especially if it makes any difference when you host the server yourself (within your own walls).
With the tools Nextcloud provides you should definitely be on the safe side: