Umbraco and GDPR III
General Data Protection Regulation (GDPR). Perhaps not the most inviting name but anyhow, it’s still on everyone’s lips - including ours.
Time has now come to share with you what we have done with Umbraco Cloud.
We don’t know if Cloud customers store any personal data in their Umbraco Cloud solution. However we have decided to operate as if all do. So no tiered set-up with respect to this on Umbraco Cloud.
We have tried to make it simple, hence, there are only 2 things you need to do:
In order to live up to the GDPR requirements the following is required:
1. TECHNICAL CONTACT
Our Cloud clients need to assign a technical contact - name and contact details.
- We need to be able to reach out to the client should a GDPR related issue happen.
- We will also use this email address as a supplement to service our clients with service and support communication - updates about Umbraco Cloud etc.
- Sofie has made a simple guide on how to add your technical contact.
2. DATA PROCESSING AGREEMENT (DPA)
We have made a standard DPA enabling our clients to document that Umbraco as a Data Processor are GDPR compliant. You have most likely already seen a lot of other DPA’s so you know that they come in many forms and shapes. Please note that:
- This DPA regulates all sites on Umbraco Cloud regardless of these being created before May 25th 2018.
- All new projects/sites after May 25th 2018 will as per the GDPR rules require acceptance of this DPA. We will introduce a checkbox for that purpose.
- The Data Processing Agreement is found here. It is possible to download it if you desire to do so.
This is it for now. But don’t worry, we have got a bit more exciting and necessary GDPR information to share as we get closer to the deadline.
In the meantime, keep yourself updated on our dedicated GDPR-page.