Magento is Ready for GDPR

Customer success is our top priority, including enabling our customers’ compliance with the General Data Protection Regulation (GDPR), which is now in effect. See how Magento helps merchants comply with GDPR.

Magento and GDPR

Magento requires customers who process data within scope of the GDPR to execute our standard data processing agreement (“DPA”) (or a Magento Addendum to the Adobe DPA, if applicable), affirming Magento’s commitment to GDPR and to our customers. In connection with providing Services to our customers, our DPA amends all existing commercial agreements with our merchants and sets forth our obligations around the handling of EU individual personal data. All future commercial agreements with our merchants will carry these same Magento obligations.

As a further commitment to privacy and GDPR, Magento maintains its list of third party subprocessors that may process customer data on our behalf on a dedicated page of our website. Customers are able to sign up to receive notification automatically whenever a change (e.g., the addition or removal of a subprocessor) is made to the list. We also have resources available that detail our handling of national security and law enforcement requests for customer data that can be provided upon request.

What You Need to Know

GDPR introduces a set of privacy regulations, which significantly expand the individual rights and protections of EU personal data. Here is what you need to know. Additional information about the GDPR is available on the European Commission’s website.

What is GDPR?

The GDPR is the EU's new legislation that introduces substantial and specific changes to existing data protection laws to expand the scope of data protection. In particular, the new rules impact how companies that do business in the EU may collect and handle personal information.

Whom does the GDPR apply to?

It applies to organizations established in the EU that process personal data and to organizations based outside the EU that either offer goods or services directly to individuals in the EU or monitor behavior of individuals in the EU.

What does GDPR regulate?

GDPR is a single privacy framework that aims to ensure that individuals’ personal data is handled with caution and care.

Are there Magento product features to help with compliance?

To assist merchants with their GDPR compliance efforts, Magento has made data mappings available for the Magento software, so you are able to identify the locations of where information is stored in our application. These mappings are available for Magento 1.x and Magento 2.x and cover Magento Commerce cloud, on-premise as well as Magento Open Source.

Contact Us

For specific questions about GDPR and Magento, please email our legal team at
For questions about Magento’s privacy policy, please email