Magento is Ready for GDPR

Customer success is our top priority, including enabling our customers’ compliance with the General Data Protection Regulation (GDPR), which is now in effect. See how Magento helps merchants comply with GDPR.

Magento and GDPR

Magento has published our data processing agreement (“DPA”), affirming Magento’s commitment to GDPR and to our customers. In connection with providing Services to our customers, our DPA amends all existing commercial agreements with our merchants and sets forth our obligations around the handling of EU individual personal data. All future commercial agreements with our merchants will carry these same Magento obligations.

As a further commitment to privacy and GDPR, Magento is excited to share its list of third-party subprocessors, detailing the service providers that Magento uses in the provision of Services to our customers.

Magento is also happy to announce that we are now self-certified under Privacy Shield, the European Commission-approved mechanism that enables the transfer of personal data from the European Union and Switzerland to the United States. This certification is great news for Magento and our customers and affirms our commitment to the privacy principles of the Privacy Shield framework. Take a look here for our updated Privacy Policy and our new Privacy Shield Privacy Policy.

What You Need to Know

GDPR introduces a set of privacy regulations, which significantly expand the individual rights and protections of EU personal data. Here is what you need to know. Additional information about the GDPR is available on the European Commission’s website.

What is GDPR?

The GDPR is the EU's new legislation that introduces substantial and specific changes to existing data protection laws to expand the scope of data protection. In particular, the new rules impact how companies that do business in the EU may collect and handle personal information.

Whom does the GDPR apply to?

It applies to organizations established in the EU that process personal data and to organizations based outside the EU that either offer goods or services directly to individuals in the EU or monitor the behavior of individuals in the EU.

What does GDPR regulate?

GDPR is a single privacy framework that aims to ensure that individuals’ personal data is handled with caution and care.

Are there Magento product features to help with compliance?

To assist merchants with their GDPR compliance efforts, Magento has made data mappings available for the Magento software, so you can identify where information is stored in our application. These mappings are available for Magento 1.x and Magento 2.x and cover Magento Commerce cloud, on-premise as well as Magento Open Source.

Contact Us

For specific questions about GDPR and Magento, please email our legal team at
For questions about Magento’s privacy policy, please email