All DigitalOcean services comply with GDPR provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it has raised the bar for data protection, security and compliance in the industry.
The European Union's General Data Protection Regulation (“GDPR”) is a comprehensive privacy and security law that establishes a framework for protecting the personal data of individuals within the European Economic Area (“EEA”). The regulation applies to any organization, regardless of its physical location, that processes the personal data of, or offers services to, individuals within the EEA. GDPR aims to provide individuals with greater control over their personal data, enforce transparency in data processing, and ensure that organizations implement stringent technical and organizational measures to safeguard privacy.
DigitalOcean provides security, privacy, and data management features intended to support customers with their internal GDPR compliance and assessment efforts. The information in this section describes certain capabilities, tools, and transparency resources available through the Company’s services and is provided for informational purposes only. These features do not constitute a representation or guarantee of GDPR compliance.
Customers are responsible for evaluating whether the services they deploy are configured and governed in a manner appropriate for their specific GDPR compliance obligations. Customers may access additional information and supporting documentation to assist in their evaluation:
Customers are responsible for selecting the data center location that best meets their compliance needs when they open their accounts.
Customers can use DigitalOcean’s API and management tools to retrieve or delete data in response to applicable data subject access requests the customer may receive.
Developers using DigitalOcean services to process EU personal data are responsible for developing their own compliance programs to account for in-scope legislation (e.g., GDPR).
Customers can share DigitalOcean’s published DPA with their own clients to generally inform them of the security measures committed to by DigitalOcean.
While DigitalOcean secures the underlying infrastructure, customers are responsible for the security of the applications they build, including the implementation of “Privacy by Design” and “Privacy by Default.”
