Data Processors and their DPA resources

This collection aims to help you with establishing GDPR compliance by concluding the required Data Processing Agreements (DPA) between you and the services processing personal data on your behalf (“Data Processors”).

The list is curated by Joschi Kuphal, Sebastian Greger and Baltasar Cevc and complements their current workshop series about data protection and ethical design issues. ⚠ It is meant as a tool to get a quick entry and first orientation only. It does not replace a thorough and independent check of your individual legal requirements. ⚠

Contribute

Please send in pull requests (learn how) for updates and additions. For instance, you may suggest additional data processors, resources or URLs to conversations and official statements on the web. Please understand that we can only accept URLs that point to the data processors’ official websites or social media profiles (we will only quote non-published information as comments that we have retrieved ourselves first-hand). Thanks for your support! 🙇

Alphabetical list

Data Processor Status Resources Comment
1und1 🔍 German DPA (PDF) - from 2012, possibly not up to the latest requirements?
German support center article
 
Adobe 🔍 English Online Form  
Algolia English DPA (PDF)
GDPR information
 
All-Inkl.com Pre-filled download from customer’s Members Area (Stammdaten › Auftragsverarbeitung).  
Amazon AWS English website
German website
 
Automattic English Support Article  
Cloudflare English DPA (PDF)  
DigitalOcean English DPA
Detailed information about data security
 
DomainFactory German DPA (PDF)
German blog posts 1, 2
 
Eventbrite Data Processing Addendum (DPA) for Organizers Privacy Shield; It should be double-checked in how far the addendum is truly and reliably binding
Fullstory Online Form Privacy Shield
Gravatar English Support Article Part of Automattic
Github English forum entry Privacy Shield
Gmail (via G Suite) G Suite Administrator Help (multiple languages)  
Google Analytics German DPA  
Hetzner English news article
German news article
 
Host Europe German DPA  
Hotjar English DPA  
Hubspot English DPA  
Issuu “we are working on becoming GDPR compliant” and we “will update them as soon as we have all of our changes and new policies in place”
KeyCDN General Information
English Tweet stating they will provide a DPA which will be available in May
“Our privacy team is continually reviewing our features and practices to ensure we support our customers with their GDPR compliance requirements.”
LinkedIn English DPA
French DPA
German DPA
Spanish DPA
Portuguese DPA
Privacy Shield; DPA incorporated into the “LinkedIn Contract”
Mailjet English FAQ  
Mailchimp English Online Form Privacy Shield
Mandrill English Online Form  
Manitu German website DPA available online  
Mapbox Can be obtained via email to privacy@mapbox.com  
MaxCDN English website  
MaxCluster Download via Customer Backend  
Mittwald Comment in German blog post, available from customer service  
Mouseflow Contact form  
Netcup German Wiki  
Netlify English Tweet, stating they will post a DPA very soon. Privacy Shield
Newsletter2Go German Website  
Salesforce English Website, English DPA (PDF) Privacy Shield
Slack Data Processing Addendum Privacy Shield
Strato German Website  
Stripe Data Processing Addendum (you need to be logged into your account to accept it)
English Privacy Shield Policy
Stripe Services Agreement (multilingual)
Privacy Shield
TinyLetter English Online Form Privacy Shield; part of Mailchimp
Toggl Promises to be “fully be GDPR compliant by the May deadline”, but “doesn’t feel that a DPA is needed at this time”. At the moment it’s unclear how this solution will look like and whether it’s going to be truly GDPR compliant.
Trello English forum entry stating that there will be a DPA until May 2018
Trello and GDPR (multiple languages)
Revised Privacy Policy (multiple languages; effective as of May 25th, 2018)
Trust @ Trello
Privacy Shield; part of Atlassian
TypeKit 🔍 Online Form (English) Part of Adobe
Uberspace German blog post about hiring an external data protection officer/legal consultant taking care of GDPR compliance  
Webgo Online Form  
WebhostOne German FAQ  
Wordpress.com English Support Article Run by Automattic

Legend

Symbol Meaning
It’s currently unknown whether or not this service provides a GDPR compliant DPA
As far as the curators know, the data processor is busy with unspecified preparations for what they believe is GDPR-compliant; this may or may not include a DPA
🔍 The curators are currently reviewing the specified resources
This service provides a DPA that it declares to be GDPR compliant
This service doesn’t provide a GDPR compliant DPA (whether or not that’s a valid state)