Vespa Cloud and GDPR Compliance

Many applications running Vespa Cloud handle data that would be classified as personal data per the European Union’s (EU) General Data Protection Regulation (GDPR).

When running an application on Vespa Cloud, it is the application owners’ that have the sole responsibility to ensure that all data in their applications is handled in compliance with GDPR requirements. The overall data retention policies for Vespa Cloud ensure that non-application data handled by Vespa is compliant.

GDPR Application Considerations

As an application owner, there are some considerations you could make to help be GDPR-compliant:

Vespa Cloud Data Retention Policies

The management of data stored in an application running on Vespa Cloud is the responsibility of the application owner and, as such, Vespa Cloud does not have any retention policy for this data as long as it is stored by the application.

The following data retention policies applies to Vespa Cloud:

Vespa Cloud Data Details

Below, we dive into the details around how we handle data in regard to GDPR. For most application owners, following the guidelines above should be sufficient, but an understanding of the underlying details can help make informed decisions to ensure your application is compliant.

Data inputs:

Collected metadata:

Purpose for processing data:

Processing performed on data:

External parties/system receiving data: