GDPR Compliance

As the leader in Data Management as a Service, Druva is committed to data privacy, data security, and transparency as to our data practices and processes. On May 25th, 2018 the General Data Protection Regulation went into effect. We would like to take an opportunity to share how Druva can help our customers to meet their obligations under the GDPR.

Our Commitment to Transparency

We are committed to making our data privacy practices transparent and have made updates to our Privacy Policy in accordance with the GDPR requirements.

Compliance as shared responsibility

GDPR requires not only responsible data controller practices, but also holds all controllers accountable for the vendors processing their personal data. To help guide our customers through the various GDPR requirements, we have mapped every GDPR article against our obligations as the data processor and our customers’ obligations as the data controllers. Please review our GDPR Shared Responsibility Model document.

Our Commitment to data security

Druva puts the security of our customer data first. To request a copy of our Security Addendum or request a copy of our security certifications, please contact

Our data transfer mechanisms

Druva complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks set forth by the United States Department of Commerce. If our customer’s policy is to execute Standard Contractual Clauses, our DPA includes them as an option.

Requesting the data processing agreement

Under the GDPR all data processors and data controllers must have an agreement in place specifying their respective obligations under the GDPR. To request Druva’s Data Processing Agreement (DPA), please email

Contact our data protection officer

If you have questions about Druva’s data processing practices, the Privacy Policy, or GDPR, feel free to reach out to our DPO at

GDPR Shared Responsibility model

Legal Guidelines