Our services are expanding in a lot of countries that obey GDPR like European countries. Each country has its own service. We want users to be able to log in and even share their own information across countries/services.
A simple solution is that we will create one identity provider in our headquarter and authenticate users globally. But our consultant said that it will violate GDPR. Can I save only hashed user email and password in our headquarter data center? I very much appreciate your help. Thank you so much for reading this.
