What are Digital Oceans plans on GDPR compliancy?

September 11, 2017 5.1k views
DigitalOcean FAQ

Form may 28th onward., all startups in Europe are required to ensure that the services they use are GPDR compliant.
Specifically companies need to able to show documentation and contracts with suppliers (such as DO) that show policies regarding privacy and data protection.

There is zero documentation or information available on this from Digital Ocean, besides certification of the data centres.

Digital Ocean can greatly help millions of customers stay customers by for example complying to the CISPE Code Of Conduct, like AWS and other cloud hosting providers do. Are there any plans for this?

7 comments
8 Answers

This question is a few months old, but I want to provide an update as there seems to be some uncertainty. DigitalOcean is committed to being GDPR compliant. By May 2018, we will make available to all users an updated Data Processing Agreement that will meet the requirements of the GDPR. You can find an FAQ on GDPR at:

If you require additional information about how this impacts your business, please open a support ticket or reach out to your Customer Success Manager.

Take a look at this page:
www.digitalocean.com/security/privacy/

*International Privacy Requirements

We understand the need for strict privacy regulations required by certain countries. For the European data protection acts Bundesdatenschutzgesetz (BDSG) and General Data Protection Regulation (GDPR), DigitalOcean is the "Data Processor" and the customer is the "Data Controller". We have setup a Data Processing Agreement (DPA) which can be signed by both DigitalOcean and the customer to meet these regulatory requirements. To obtain the DPA, or if you have any other privacy related questions please contact our Customer Support team here.*

You'll also find more information about data processing at DO here :
www.digitalocean.com/help/privacy/

  • Thank you for pointing this out. I think it'd be ideal if this was a default to all EU customers by means of updating DO terms of service for EU customers.

I was trying to push the same problem, but their support were very limited in the communication.

This was DO's GDPR mantra:

"I appreciate you updating us with this. We customize each agreement for the agent and organization signing the agreement. This is why we requested the information to complete the form. I apologize for the confusion on that.

Can you outline the address of the organization or yourself and the signing agent and organization? We will prepare the agreement then provide it here for you. We will appreciate your update with this and if you have further questions or concerns please don't hesitate to reply with them."

In the end DO suggested me to create a suggestion - here.

I guess DO is not ready for GDPR at all.

I just came across this thread after reading this GDPR guide. DigitalOcean is listed there as not GDPR complaint.

I'm a European DO customer and for us this is important. Those fines are not a joke. When will there be more info about this?

Any news about this?

  • DO is pretty clear:

    For additional information on the GDPR DPA, or to obtain a copy, please contact the DigitalOcean Support team or your Customer Success Manager.

Have another answer? Share your knowledge.