Data Privacy Law and Regulation Compliance

Druva is committed to data privacy, data security, and transparency in our data practices and processes. We would like to take an opportunity to share how Druva can help our customers to meet their obligations under the General Data Protection Regulation (GDPR – effective May 25, 2018) and the California Consumer Privacy Act (CCPA – effective Jan 1, 2020).

Our Commitment to Transparency

We are committed to making our data privacy practices transparent and have made updates to our Privacy Policy in accordance with the GDPR and CCPA requirements.

Compliance as shared responsibility

GDPR requires not only responsible data controller practices, but also holds all controllers accountable for the vendors processing their personal data. To help guide our customers through the various GDPR requirements, we have mapped every GDPR article against our obligations as the data processor and our customers’ obligations as the data controllers. Please review our GDPR Shared Responsibility Model document.

Although the CCPA does not as clearly define the role of controller and processor, responsibility to ensure processing of data occurs in a compliant manner still remains a shared obligation.  The CCPA Shared Responsibility Model document maps out each CCPA section against Druva and our clients obligations.  

Our Commitment to data security

Druva puts the security of our customer data first. To request a copy of our Security Addendum or request a copy of our security certifications, please contact

Our data transfer mechanisms

Druva complies with the EU and UK Standard Contractual Clauses passed by the European Commission and UK’s Information Commission Officer respectively. If our customer’s policy is to execute Standard Contractual Clauses, our DPA includes them as an option.

Requesting the data processing agreement

Under the GDPR all data processors and data controllers must have an agreement in place specifying their respective obligations under the GDPR. We have incorporated CCPA obligations into the data processing agreement to ensure all data processing activities and obligations are transparent.  To request Druva’s Data Processing Agreement (DPA), please email

Contact our data protection officer

If you have questions about Druva’s data processing practices, the Privacy Policy, or GDPR, feel free to reach out to our DPO at


GDPR Shared Responsibility model


CCPA Shared Responsibility model