If you are considering to use an e-mail service like Sparkpost or Sitecore Email Cloud to dispatch e-mails from Sitecore Email Experience Manager it can be risky when emails are dispatched through servers located outside EU Region. To stay compliant with GDPR there is a simple way just by changing configuration to use geo-specific servers. Dispatch process can be restricted to use EU-located severs only.
With such configuration you can prevent transfers of personal data to a third country which is described in GDPR Article 49 and which means that you should inform users about this personal data transfer and according to GDPR Article 46 you should provide that appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects in the third country are available.
Ain’t it sweet just to change configuration and stay safe? 🙂
More detailed information about configurations you can find in Sitecore Knowledgebase: https://kb.sitecore.net/articles/947205.