1) Data transfers outside the EU
We're using Fauna, which is a distributed database, and it seems we won't be able to use the distributed features. To be able to transfer EU data outside the EU, the US would need to have been deemed adequate in terms of data protection by the EU, and this hasn't happened.
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
So far, it seems the most sensible option for us having users worldwide is to just store everything in the EU and be done with it.
The alternative is of course having 2 databases, with the complexity that this brings.
2) Analytics data
We initially wanted to offer visitor analytics to our users which included the country. To do this we planned to get the location using the IPs from the Nginx logs, but under the GDPR IPs can be considered personal information.
Also, retrieving the country for a particular IP is also considered personal information.
Under the GDPR law, users have to opt in for this collection which results in a terrible UX for our users' visitors and, again, complicates everything.
This is all very confusing to be honest. I've seen some sources that say IPs can only be considered personal information if you're an ISP and can tie an IP with a person. But then I've also seen sources claiming it doesn't matter.
In all seriousness: have you considered not tracking users then if you already know they would dislike it?
One of the killer features of CockroachDB is the ability to key data to a location.