Updated data processing terms: staying ahead of evolving regulatory requirements

At Fastly, we work hard to stay ahead of legal changes that affect our customers. It’s always our goal to help customers stay confident and compliant, as seamlessly as possible.

That’s why, in response to a new set of data transfer agreements issued by the UK’s Information Commissioner’s Office (ICO) that went into effect on March 21, 2022 for data transfers out of the United Kingdom, we updated our data processing terms (DPT) for all customers on August 9, 2022, in advance of the ICO’s September 21, 2022 deadline. This release follows on the heels of the EU’s release of new standard contractual clauses (EU SCCs) in June 2021, and the UK’s exit from the European Union. The ICO issued two documents - an addendum meant to be used in conjunction with the EU SCCs (SCC Addendum), and a UK-specific International Data Transfer Agreement (IDTA).  As with our last update to the DPT, you don’t need to take any action to be in compliance with the new UK documents. Let’s dig in on what’s changed.

What is the difference between the SCC Addendum and the IDTA?

The SCC Addendum is intended to supplement the EU SCCs where UK data is being transferred alongside data originating from the EU. The IDTA applies where only UK data is being transferred. Given the nature of Fastly’s services, and the use cases of many of Fastly’s customers, Fastly expects the SCC Addendum will apply in almost all of its customer engagements. However, the updated DPT incorporates both the SCC Addendum and IDTA so that all relevant data transfers are properly addressed. 

What this means for customers

If you’re a new customer, our online (DPT) already incorporates the SCC Addendum and IDTA. Updates will take effect for existing customers on September 8, 2022, which is 30 days after we published the updated terms. If you're an existing customer who has a signed data processing agreement, you have until March 24, 2024, to enter into an updated agreement at your next renewal. If you’d like to have the updated terms apply sooner, you can contact your account representative or sales@fastly.com to request a new signed version.

The changes to our DPT are focused on addressing the changes brought on by the new UK specific documents. Since the GDPR and UK GDPR required a prior version of these contractual clauses, the majority of our DPT is the same. But while these changes may seem minimal, they still include meaningful commitments. If you’d like to review the previous version of our DPT, you can view them on our Docs archive pages

These DPT updates apply across our product suite — including our delivery offerings, Compute@Edge, and Fastly Next-Gen WAF (powered by Signal Sciences) — so however you use our products, you benefit from the updated terms. 

Keeping you compliant

It’s core to our DNA to champion data privacy and empower our customers. When new data privacy laws roll out, we are committed to keeping you informed and to making needed changes as seamless as possible — and staying true to our ethos of putting customers first. 

We know changes in the law can sometimes lead to uncertainty, but we’re here to help you stay compliant. Reach out to sales@fastly.com with any questions — but just to reiterate, no action is needed at this time.

Matthew Peterson
Managing Legal Director, Commercial
Published
Want to continue the conversation?
Schedule time with an expert
Share this post
Matthew Peterson
Managing Legal Director, Commercial