robertvh
By:
robertvh

What are Digital Oceans plans on GDPR compliancy?

September 11, 2017 333 views
DigitalOcean FAQ

Form may 28th onward., all startups in Europe are required to ensure that the services they use are GPDR compliant.
Specifically companies need to able to show documentation and contracts with suppliers (such as DO) that show policies regarding privacy and data protection.

There is zero documentation or information available on this from Digital Ocean, besides certification of the data centres.

Digital Ocean can greatly help millions of customers stay customers by for example complying to the CISPE Code Of Conduct, like AWS and other cloud hosting providers do. Are there any plans for this?

6 comments
3 Answers

Take a look at this page:
www.digitalocean.com/security/privacy/

*International Privacy Requirements

We understand the need for strict privacy regulations required by certain countries. For the European data protection acts Bundesdatenschutzgesetz (BDSG) and General Data Protection Regulation (GDPR), DigitalOcean is the "Data Processor" and the customer is the "Data Controller". We have setup a Data Processing Agreement (DPA) which can be signed by both DigitalOcean and the customer to meet these regulatory requirements. To obtain the DPA, or if you have any other privacy related questions please contact our Customer Support team here.*

You'll also find more information about data processing at DO here :
www.digitalocean.com/help/privacy/

  • Thank you for pointing this out. I think it'd be ideal if this was a default to all EU customers by means of updating DO terms of service for EU customers.

I was trying to push the same problem, but their support were very limited in the communication.

This was DO's GDPR mantra:

"I appreciate you updating us with this. We customize each agreement for the agent and organization signing the agreement. This is why we requested the information to complete the form. I apologize for the confusion on that.

Can you outline the address of the organization or yourself and the signing agent and organization? We will prepare the agreement then provide it here for you. We will appreciate your update with this and if you have further questions or concerns please don't hesitate to reply with them."

In the end DO suggested me to create a suggestion - here.

I guess DO is not ready for GDPR at all.

Have another answer? Share your knowledge.