GDPR and HIPAA compliance

Is the platform GDPR and HIPAA compliant? With regard to GDPR, which states that no data should leave the origin of a country, how will this be satisfied knowing nodes of the Internet Computer are spread across the world? Are measurements being taken so that storage of user data is restricted to the country of residence? What about other compliances under GDPR and HIPAA? This is especially important as we are working on a healthcare product which demands HIPAA compliance in order to operate.

It is possible to restrict canisters to certain subnets; this has only been described so far in the context of choosing storage vs system canisters with respective cost differences, but there will probably be more detail on the compliance uses released alongside this. It’s certainly been a long-running discussion, especially in the context of healthcare applications.