Cloudflare supports a number of Europe’s largest and fastest-growing companies. Learn how European companies can use Cloudflare to help meet their GDPR obligations.
Cloudflare’s network and all of our products are built with data protection in mind. As such, the GDPR was a codification of many steps we were already taking. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to our customers. In addition, we give people the ability to access, correct, and delete their personal information, and give our customers control over the information that passes through our network.
Get answers to common question about how we process data on behalf of our customers in a way that complies with the GDPR — and learn about our data protection safeguards, our responses to the latest legal rulings, and more.
Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.
Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.
Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.
Cloudflare Zero Trust lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.
Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.
In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.