Skip to main content

Last updated: 8th August, 2022

GDPR compliance

What is the GDPR?

The General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law in the European Union (“EU”) that updates existing laws to strengthen the protection of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. The GDPR went into effect on May 25, 2018.

Does GDPR affect me?

If you’re based in the EU or do business in the EU, then yes! If you have any EU personal data in your Consent Kit account, such as names, email addresses, ID numbers, or… anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including Consent Kit. These agreements are commonly called a Data Processing Addendum, or DPA.

New SCCs

In light of the new Standard Contractual Clauses adopted and approved by the European Commission, Consent Kit has revised our Data Processing Agreement (DPA) to incorporate the SCCs.

Alongside our new DPA, we are also updating our internal privacy compliance program to meet the requirements of the new SCCs, by the 28 December 2022 deadline.

We will communicate with our existing customers as we approach this deadline and provide information on how they can execute new agreements with the new SCCs. Existing customers contact us to enter into a new agreement that utilizes the new EU SCCs.

If you have any questions regarding data privacy and protection, the new SCCs, or our commitment to the GDPR, you can contact us.

Data Processing Addendum

Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.

You can download and sign the DPA here

Once you’ve completed the information and signed it, please return it to us by email to We will sign it and return a copy to you as soon as possible.


Consent Kit uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor - and require the same of them - extending GDPR safeguards everywhere personal data is processed.

View our list of subprocessors in our Privacy Policy.

Get help

Can't find what you are looking for?