GDPR - Where can I get a Data Processing Agreement (DPA) from PayPal?

mikewz
Contributor
Contributor

We are a Payflow/Website Payments Pro Business customer in the UK getting ready for GDPR compliance and as part of our legal obligations for GDPR we need to ensure PayPal provides us with a signed contractual agreement in its role as a "Data Processor" on our behalf (please see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountabi... for further information).

 

We have been in touch with aam-support[at]paypal.co.uk to request this agreement and they have not been able to advise where we can get it.

 

Please can you clarify where we can get a signed DPA from PayPal ahead of the impending GDPR implementation deadline of 24th May?

Login to Me Too
16 REPLIES 16

KaliK
Contributor
Contributor

Thanks SoCasDPO, but that is just a Privacy Policy, which is not the same as, or a substitute for, an explicit Data Processing Agreement/Addendum.  A DPA can link to a privacy policy, no problem, but the two should not be conflated.  Every other processor I know of is providing them to merchants.  PayPal stands alone in NOT providing one as of yet.

Login to Me Too

MTS_MichaelL
PayPal Employee
PayPal Employee


Hi, @KaliK.

 

Apologies for a delay. I hope this will answer your question: 

We have updated our Pro User Agreement - https://www.paypal.com/uk/webapps/mpp/ua/provt-full?locale.x=en_GB for UK residents. 

The Attachments (1, 2 and 3) relate to data processing. 

Login to Me Too

KaliK
Contributor
Contributor

Thank you.  These look adequate to me.

Login to Me Too

skippayer
Contributor
Contributor

Thank you. Do we print, sign and return these for PayPal to fill in its information and send back?

Login to Me Too

mdleNeyr
Contributor
Contributor

I'd also like to know how to get these signed. is there a dedicated email address for this purpose, please?

 

An unsigned document is no use whatsoever. The Data Processing Agreement needs to be a signed contract between the two parties.

 

The "Download PDF" link on that page is throwing a 404, by the way.

Login to Me Too

tourosentado
New Community Member

Hi guys,

 

Any news on this matter?


People are still struggling on how can we get this DPA signed. Can you shed some light on this matter?

Login to Me Too

MTS_MichaelL
PayPal Employee
PayPal Employee

Once you have signed up to our online terms, our online terms allow for updates to be posted online. Merchants received an email informing them of the updated terms.

 

As the DPA is a part of the larger agreement, and in the light of the above, there is no requirement to physically sign an offline Data Protection Agreement. Our agreement update is valid and relevant and is what is referred to under the ICO as a ‘written agreement’. 

 

In case one wishes (wished) to object, the emails advising of policy changes were sent two months in advance of the effective date of 25th of May. 

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.