Asana moves user data from Europe and the UK to the United States using legal contracts called Standard Contractual Clauses, which are a required safeguard under EU privacy law.
This analysis describes what Asana's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes the legal framework under which Asana executes cross-border data transfers for EU/EEA/UK/Swiss users. Standard Contractual Clauses serve as the operative safeguard mechanism when transfers occur to jurisdictions without European Commission adequacy determinations, enabling the company to maintain international operations while addressing regulatory transfer requirements.
This provision was removed and replaced with the new EU-U.S. Data Privacy Framework provision, reflecting a regulatory shift away from SCCs to the newer framework mechanism.
View full change record →EU, UK, and Swiss users' personal data is transferred to the United States, and the legal adequacy of that transfer depends on Asana maintaining current SCCs and Transfer Impact Assessments — a compliance burden that directly affects whether their GDPR protections travel with their data.
How other platforms handle this
Where Zendesk transfers personal data outside of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to ensure that your personal data receives an adequate level of pro...
If you are located in the European Economic Area, United Kingdom, or Switzerland, we transfer your personal data to the United States and other countries that may not provide the same level of data protection as your home country. We rely on Standard Contractual Clauses approved by the European Comm...
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to countries outside of your region, including to the United States, where data protection laws may not provide the same level of protection as in your home country. When...
Monitoring
Asana has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Asana may transfer your personal information to countries other than the one in which you live, including to the United States. To the extent that we transfer personal information of individuals in the European Economic Area, the United Kingdom, or Switzerland to a country that has not been found to provide an adequate level of protection under applicable data protection laws, we rely on appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission, to transfer such personal information.— Excerpt from Asana's Asana Privacy Statement
REGULATORY FRAMEWORK: Implicates GDPR Chapter V (Arts. 44-49) on international transfers, specifically Art. 46(2)(c) (SCCs), CJEU Schrems II ruling (Case C-311/18), and EDPB Recommendations 01/2020 on supplementary measures. UK GDPR requires UK-specific International Data Transfer Agreements (IDTAs) or UK Addendum to EU SCCs. Swiss revFADP also requires equivalent safeguards. Primary enforcement: EU national DPAs (coordinated by EDPB), UK ICO, Swiss FDPIC.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes the legal framework under which Asana executes cross-border data transfers for EU/EEA/UK/Swiss users. Standard Contractual Clauses serve as the operative safeguard mechanism when transfers occur to jurisdictions without European Commission adequacy determinations, enabling the company to maintain international operations while addressing regulatory transfer requirements.
EU, UK, and Swiss users' personal data is transferred to the United States, and the legal adequacy of that transfer depends on Asana maintaining current SCCs and Transfer Impact Assessments — a compliance burden that directly affects whether their GDPR protections travel with their data.
ConductAtlas has identified this type of provision across 11 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Asana.