tollwerk / Data Processing Agreements
Licence: unlicense
Collection of Data Processing Agreement (DPA) and GDPR compliance resources
Stars: ✭ 110
Projects that are alternatives of or similar to Data Processing Agreements
Amazon S3 Find And Forget
Amazon S3 Find and Forget is a solution to handle data erasure requests from data lakes stored on Amazon S3, for example, pursuant to the European General Data Protection Regulation (GDPR)
Stars: ✭ 115 (+4.55%)
Mutual labels: data, gdpr, privacy
Opendsr
A common framework enabling companies to work together to protect consumers' privacy and data rights.
Stars: ✭ 295 (+168.18%)
Mutual labels: gdpr, privacy, compliance
Databunker
Secure storage for personal records built to comply with GDPR
Stars: ✭ 122 (+10.91%)
Mutual labels: gdpr, privacy, compliance
fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-70.91%)
Mutual labels: privacy, compliance, gdpr
Gdpr Tracker
A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (+29.09%)
Mutual labels: gdpr, privacy, compliance
Datadefender
Sensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (-28.18%)
Mutual labels: gdpr, privacy, compliance
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (-24.55%)
Mutual labels: compliance, gdpr
kodex
A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
Stars: ✭ 70 (-36.36%)
Mutual labels: compliance, gdpr
data
The data behind the Datenanfragen.de project. This contains a directory of contact information and privacy-related data on companies under the scope of the EU GDPR, a directory of supervisory authorities for privacy concerns, a collection of templates for GDPR requests and a list of suggested companies to send access requests to.
Stars: ✭ 61 (-44.55%)
Mutual labels: privacy, gdpr
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+4046.36%)
Mutual labels: gdpr, compliance
Isp Data Pollution
ISP Data Pollution to Protect Private Browsing History with Obfuscation
Stars: ✭ 425 (+286.36%)
Mutual labels: data, privacy
Comply
Compliance automation framework, focused on SOC2
Stars: ✭ 596 (+441.82%)
Mutual labels: gdpr, compliance
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+1046.36%)
Mutual labels: compliance, gdpr
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+7214.55%)
Mutual labels: compliance, gdpr
Cryptag
Encrypted, taggable, searchable cloud storage
Stars: ✭ 178 (+61.82%)
Mutual labels: data, privacy
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+8206.36%)
Mutual labels: gdpr, compliance
Securityprivacyreferencearchitecture
Open Repository for the Open Security and Privacy Reference Architecture
Stars: ✭ 73 (-33.64%)
Mutual labels: gdpr, privacy
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (+69.09%)
Mutual labels: gdpr, privacy
Data Processors and their DPA resources
This collection aims to help you with establishing GDPR compliance by concluding the required Data Processing Agreements (DPA) between you and the services processing personal data on your behalf ("Data Processors").
The list is curated by Joschi Kuphal, Sebastian Greger and Baltasar Cevc and complements their current workshop series about data protection and ethical design issues. ⚠ It is meant as a tool to get a quick entry and first orientation only. It does not replace a thorough and independent check of your individual legal requirements. ⚠
Contribute
Please send in pull requests (learn how) for updates and additions. For instance, you may suggest additional data processors, resources or URLs to conversations and official statements on the web. Please understand that we can only accept URLs that point to the data processors' official websites or social media profiles (we will only quote non-published information as comments that we have retrieved ourselves first-hand). Thanks for your support! 🙇
Alphabetical list
| Data Processor | Status | Resources | Comment |
|---|---|---|---|
| 1und1 | 🔍 | German DPA | |
| Adobe | 🔍 | English Online Form | |
| Algolia | ✅ |
English DPA (PDF) GDPR information |
|
| All-Inkl.com | ✅ | Pre-filled download from customer's Members Area (Stammdaten › Auftragsverarbeitung). | |
| Amazon AWS | ✅ |
English website German website |
|
| Atlassian Cloud | ✅ | English website | DPA available on request for Atlassian Cloud customers |
| Automattic | ✅ | English Support Article, DPA on individual request for paid plans of WordPress.com, Jetpack, WooCommerce.com, Akismet, PollDaddy | |
| billbee | ⌛ | German blog post about their future plans regarding their GDPR implementation. | |
| Cloudflare | ✅ | English DPA (PDF) | |
| DigitalOcean | ✅ |
English DPA Detailed information about data security |
|
| DomainFactory | ✅ |
German DPA (PDF) German blog posts 1, 2 |
|
| Dropbox | 🔍 | English DPA for Business Accounts (PDF) | Only Business accounts are supported; Standard, Plus and Professional accounts do not have the ability to sign a DPA. |
| etracker | ✅ | German DPA | The DPA can be concluded online under account settings |
| Eventbrite | ✅ | Data Processing Addendum (DPA) for Organizers | Privacy Shield; It should be double-checked in how far the addendum is truly and reliably binding |
| Fullstory | ✅ | Online Form | Privacy Shield |
| Gravatar | ⌛ | English Support Article | Part of Automattic |
| Github | ⌛ |
English forum entry Contact form |
Privacy Shield. DPA for organisations available on request via support contact. |
| Gmail (via G Suite) | ✅ | G Suite Administrator Help (multiple languages) | |
| Google Analytics | ✅ | DPA instructions | |
| Google Maps API | ✅ | Controller-Controller Data Protection Terms | Joint Control Contract (JCC, Art. 26) |
| Hetzner | ✅ |
English news article German news article |
|
| Host Europe | ✅ | German DPA | |
| Hotjar | ✅ | English DPA | |
| Hubspot | ✅ | English DPA | |
| Issuu | ⌛ | — | "we are working on becoming GDPR compliant" and we "will update them as soon as we have all of our changes and new policies in place" |
| KeyCDN | ⌛ |
General Information English Tweet stating they will provide a DPA which will be available in May |
"Our privacy team is continually reviewing our features and practices to ensure we support our customers with their GDPR compliance requirements." |
| ✅ |
English DPA French DPA German DPA Spanish DPA Portuguese DPA |
Privacy Shield; DPA incorporated into the "LinkedIn Contract" | |
| Mailjet | ✅ | English FAQ | |
| Mailchimp | ✅ | English Online Form | Privacy Shield |
| Mandrill | ✅ | English Online Form | |
| Manitu | ✅ | German website DPA available online | |
| Mapbox | ✅ | Can be obtained via email to [email protected] | |
| MaxCDN | ✅ | English website | |
| MaxCluster | ✅ | Download via Customer Backend | |
| micropayment | ✅ | Online Form for registered / logged-in users | |
| Mittwald | ✅ | Comment in German blog post, available from customer service | |
| Mouseflow | ✅ | Contact form | |
| Netcup | ✅ | German Wiki | |
| Netlify | ⌛ | English Tweet, stating they will post a DPA very soon. | Privacy Shield |
| Newsletter2Go | ✅ | German Website | |
| Postmark | ✅ | English Website, DPA available online |
Privacy Shield "We reviewed our data processing activities, and are making any changes that are needed in advance of the GDPR effective date." |
| Salesforce | ✅ | English Website, English DPA (PDF) | Privacy Shield |
| Scopevisio | ✅ | German DPA | |
| Simplecast | ✅ | Data Processing Addendum | DPA – Including EU Standard Contractual Clauses) |
| Slack | ✅ | Data Processing Addendum | Privacy Shield |
| Strato | ✅ | German Website | |
| Stripe | ✅ |
Data Processing Addendum (you need to be logged into your account to accept it) English Privacy Shield Policy Stripe Services Agreement (multilingual) |
Privacy Shield |
| TinyLetter | ✅ | English Online Form | Privacy Shield; part of Mailchimp |
| Toggl | ⌛ | — | Promises to be "fully be GDPR compliant by the May deadline", but "doesn't feel that a DPA is needed at this time". At the moment it's unclear how this solution will look like and whether it's going to be truly GDPR compliant. |
| Trello | ⌛ | English forum entry stating that there will be a DPA until May 2018 Trello and GDPR (multiple languages) Revised Privacy Policy (multiple languages; effective as of May 25th, 2018) Trust @ Trello |
Privacy Shield; part of Atlassian |
| Twilio | 🔍 | Online Form (Preview) (English) | Privacy Shield |
| TypeKit | 🔍 | Online Form (English) | Part of Adobe |
| Travis CI | ✅ | English DPA | |
| Uberspace | ✅ | German DPA, can be signed via the dashboard | |
| Webgo | ✅ | Online Form | |
| WebhostOne | ✅ | German FAQ | |
| Wordpress.com | ✅ | English Support Article, DPA available on request for paid plans | Run by Automattic |
| WPengine | ⌛ | English DPA | |
| Zapier | ⌛ |
English support article GDPR Compliance Updates |
"We at Zapier wholeheartedly support the privacy rights of our customers and our users and are proactively working toward GDPR compliance by May 25th, 2018." |
| Zendesk | ⌛ | English FAQ support article | "Zendesk will be compliant with the GDPR when it becomes enforceable in May 2018." |
Legend
| Symbol | Meaning |
|---|---|
| ❓ | It's currently unknown whether or not this service provides a GDPR compliant DPA |
| ⌛ | As far as the curators know, the data processor is busy with unspecified preparations for what they believe is GDPR-compliant; this may or may not include a DPA |
| 🔍 | The curators are currently reviewing the specified resources |
| ✅ | This service provides a DPA that it declares to be GDPR compliant |
| ❌ | This service doesn't provide a GDPR compliant DPA (whether or not that's a valid state) |
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].