PayPal Community

mikewz · ‎May-15-2018

We are a Payflow/Website Payments Pro Business customer in the UK getting ready for GDPR compliance and as part of our legal obligations for GDPR we need to ensure PayPal provides us with a signed contractual agreement in its role as a "Data Processor" on our behalf (please see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountabi... for further information).

We have been in touch with aam-support[at]paypal.co.uk to request this agreement and they have not been able to advise where we can get it.

Please can you clarify where we can get a signed DPA from PayPal ahead of the impending GDPR implementation deadline of 24th May?

KaliK · ‎May-27-2018

Thanks SoCasDPO, but that is just a Privacy Policy, which is not the same as, or a substitute for, an explicit Data Processing Agreement/Addendum. A DPA can link to a privacy policy, no problem, but the two should not be conflated. Every other processor I know of is providing them to merchants. PayPal stands alone in NOT providing one as of yet.

MTS_MichaelL · ‎May-31-2018

Hi, @KaliK.

Apologies for a delay. I hope this will answer your question:

We have updated our Pro User Agreement - https://www.paypal.com/uk/webapps/mpp/ua/provt-full?locale.x=en_GB for UK residents.

The Attachments (1, 2 and 3) relate to data processing.

KaliK · ‎May-31-2018

Thank you. These look adequate to me.

skippayer · ‎May-31-2018

Thank you. Do we print, sign and return these for PayPal to fill in its information and send back?

mdleNeyr · ‎Jun-03-2018

I'd also like to know how to get these signed. is there a dedicated email address for this purpose, please?

An unsigned document is no use whatsoever. The Data Processing Agreement needs to be a signed contract between the two parties.

The "Download PDF" link on that page is throwing a 404, by the way.

tourosentado · ‎Jul-17-2018

Hi guys,

Any news on this matter?

People are still struggling on how can we get this DPA signed. Can you shed some light on this matter?

MTS_MichaelL · ‎Jul-27-2018

Once you have signed up to our online terms, our online terms allow for updates to be posted online. Merchants received an email informing them of the updated terms.

As the DPA is a part of the larger agreement, and in the light of the above, there is no requirement to physically sign an offline Data Protection Agreement. Our agreement update is valid and relevant and is what is referred to under the ICO as a ‘written agreement’.

In case one wishes (wished) to object, the emails advising of policy changes were sent two months in advance of the effective date of 25th of May.

PayPal Community

GDPR - Where can I get a Data Processing Agreement (DPA) from PayPal?

Haven't Found your Answer?