Skip to content

isowosi/data-processing-agreements

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Data Processors and their DPA resources

This collection aims to help you with establishing GDPR compliance by concluding the required Data Processing Agreements (DPA) between you and the services processing personal data on your behalf ("Data Processors").

The list is curated by Joschi Kuphal, Sebastian Greger and Baltasar Cevc and complements their current workshop series about data protection and ethical design issues. ⚠ It is meant as a tool to get a quick entry and first orientation only. It does not replace a thorough and independent check of your individual legal requirements. ⚠

Contribute

Please send in pull requests (learn how) for updates and additions. For instance, you may suggest additional data processors, resources or URLs to conversations and official statements on the web. Please understand that we can only accept URLs that point to the data processors' official websites or social media profiles (we will only quote non-published information as comments that we have retrieved ourselves first-hand). Thanks for your support! 🙇

Alphabetical list

Data Processor Status Resources Comment
1und1 🔍 German DPA
Adobe 🔍 English Online Form
Algolia English DPA (PDF)
GDPR information
All-Inkl.com Pre-filled download from customer's Members Area (Stammdaten › Auftragsverarbeitung).
Amazon AWS English website
German website
Atlassian Cloud English website DPA available on request for Atlassian Cloud customers
Automattic English Support Article, DPA on individual request for paid plans of WordPress.com, Jetpack, WooCommerce.com, Akismet, PollDaddy
billbee German blog post about their future plans regarding their GDPR implementation.
Cloudflare English DPA (PDF)
DigitalOcean English DPA
Detailed information about data security
DomainFactory German DPA (PDF)
German blog posts 1, 2
Dropbox 🔍 English DPA for Business Accounts (PDF) Only Business accounts are supported; Standard, Plus and Professional accounts do not have the ability to sign a DPA.
etracker German DPA The DPA can be concluded online under account settings
Eventbrite Data Processing Addendum (DPA) for Organizers Privacy Shield; It should be double-checked in how far the addendum is truly and reliably binding
Fullstory Online Form Privacy Shield
Gravatar English Support Article Part of Automattic
Github English forum entry
Contact form
Privacy Shield.
DPA for organisations available on request via support contact.
Gmail (via G Suite) G Suite Administrator Help (multiple languages)
Google Analytics DPA instructions
Google Maps API Controller-Controller Data Protection Terms Joint Control Contract (JCC, Art. 26)
Hetzner English news article
German news article
Host Europe German DPA
Hotjar English DPA
Hubspot English DPA
Issuu "we are working on becoming GDPR compliant" and we "will update them as soon as we have all of our changes and new policies in place"
KeyCDN General Information
English Tweet stating they will provide a DPA which will be available in May
"Our privacy team is continually reviewing our features and practices to ensure we support our customers with their GDPR compliance requirements."
LinkedIn English DPA
French DPA
German DPA
Spanish DPA
Portuguese DPA
Privacy Shield; DPA incorporated into the "LinkedIn Contract"
Mailjet English FAQ
Mailchimp English Online Form Privacy Shield
Mandrill English Online Form
Manitu German website DPA available online
Mapbox Can be obtained via email to privacy@mapbox.com
MaxCDN English website
MaxCluster Download via Customer Backend
micropayment Online Form for registered / logged-in users
Mittwald Comment in German blog post, available from customer service
Mouseflow Contact form
Netcup German Wiki
Netlify English Tweet, stating they will post a DPA very soon. Privacy Shield
Newsletter2Go German Website
Postmark English Website, DPA available online Privacy Shield
"We reviewed our data processing activities, and are making any changes that are needed in advance of the GDPR effective date."
Salesforce English Website, English DPA (PDF) Privacy Shield
Scopevisio German DPA
Simplecast Data Processing Addendum DPA – Including EU Standard Contractual Clauses)
Slack Data Processing Addendum Privacy Shield
Strato German Website
Stripe Data Processing Addendum (you need to be logged into your account to accept it)
English Privacy Shield Policy
Stripe Services Agreement (multilingual)
Privacy Shield
TinyLetter English Online Form Privacy Shield; part of Mailchimp
Toggl Promises to be "fully be GDPR compliant by the May deadline", but "doesn't feel that a DPA is needed at this time". At the moment it's unclear how this solution will look like and whether it's going to be truly GDPR compliant.
Trello English forum entry stating that there will be a DPA until May 2018
Trello and GDPR (multiple languages)
Revised Privacy Policy (multiple languages; effective as of May 25th, 2018)
Trust @ Trello
Privacy Shield; part of Atlassian
Twilio 🔍 Online Form (Preview) (English) Privacy Shield
TypeKit 🔍 Online Form (English) Part of Adobe
Travis CI English DPA
Uberspace German DPA, can be signed via the dashboard
Webgo Online Form
WebhostOne German FAQ
Wordpress.com English Support Article, DPA available on request for paid plans Run by Automattic
WPengine English DPA
Zapier English support article
GDPR Compliance Updates
"We at Zapier wholeheartedly support the privacy rights of our customers and our users and are proactively working toward GDPR compliance by May 25th, 2018."
Zendesk English FAQ support article "Zendesk will be compliant with the GDPR when it becomes enforceable in May 2018."

Legend

Symbol Meaning
It's currently unknown whether or not this service provides a GDPR compliant DPA
As far as the curators know, the data processor is busy with unspecified preparations for what they believe is GDPR-compliant; this may or may not include a DPA
🔍 The curators are currently reviewing the specified resources
This service provides a DPA that it declares to be GDPR compliant
This service doesn't provide a GDPR compliant DPA (whether or not that's a valid state)

About

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • CSS 100.0%