WP Engine continually monitors developments in data security, privacy, and compliance around the globe, and we have invested considerable resources in preparing for EU Regulation 2016/679 (“GDPR”). We have always upheld the core privacy principles behind GDPR, as evidenced by our early adoption of the EU-US and Swiss-US Privacy Shield programs, and take very seriously (and humbly) the trust our customers place in us when they choose to store personal data on our platform.
WP Engine will comply with GDPR’s requirements, both as a controller of our customers’ account data and a processor of the end-user personal data our customers store on our platform. In support of our customers’ compliance efforts, we have updated our terms to reflect the obligations we have as a processor under GDPR. (Such additional contractual obligations are commonly referred to as a Data Privacy Addendum , or a “DPA.”) These changes became effective May 10, 2018, and our DPA already applies to you by reference in your existing agreement. We encourage you to view this changelog and familiarize yourself with our terms to better understand how we support you and protect the security and privacy of your data.
We also encourage our customers to begin assessing their own internal readiness if they haven’t already done so. The official text of the regulation can be found here.
Data Privacy Addendum (DPA) FAQ
Q: Do WP Engine’s terms include a Data Privacy Addendum?
A: No, the DPA does not need to be signed. The exact language of the GDPR says: “The contract … shall be in writing, including in electronic form.” It is an accepted tenet of contract law that a written agreement includes online or clickthrough terms, and GDPR even calls out electronic contracts as being perfectly acceptable.
Q: Is it possible to get a signed copy of the DPA?
A: Yes. If you are a WP Engine customer, you can log into the User Portal and access a pre-signed version of our DPA, which includes instructions for countersigning and returning the fully executed form to us.