General Data Protection Regulation (GDPR)​

Last updated: 

October 18, 2023

European Union General Data Protection Regulation

Effective May 25, 2018, the General Data Protection Regulation (GDPR) is a significant change to European Union (EU) privacy law. The regulation prioritizes an individual’s right to control their personal information. It imposes new rules on companies, government agencies, non-profits, and other organizations outside the European Union that process personal data related to the offering of goods and services to people in the European Union (EU), or that monitor the behavior of people within the European Union.

How GDPR applies to

Esri is a controller of personal information, and that information is stored in the United States. We control the personal information of those with whom we directly interact. Examples of this are users who visit or fill out a form on  

The GDPR details six legal bases that allow controllers to process personal information. They are: contractual necessity, legal obligation, vital interests, public interest, legitimate interest, and consent. Most of the work we do with users is classified as contractual necessity or legitimate interest. In other cases (e.g., web browsing tracking, marketing), we obtain direct consent before collecting any personal information. 

How we are taking action

We are committed to protecting your personal information from any attacks or data breaches. We have implemented appropriate security controls throughout our business systems. In the unlikely event of data breach, we will honor the GDPR requirements for notification.

With regard to transfers and processing of personal data from the European Union, the United Kingdom and Switzerland, we commit to the EU Standard Contractual Clauses (Commission Decision 2021/914), Module One, with the following modifications:

  • Clause 7 (Docking Clause) shall not apply;
  • Clause 11(a) (Redress) option shall not apply;
  • Governing law under Clause 17 (Governing law) shall be law of the Republic of Ireland; and
  • Clause 18 (Choice of forum and jurisdiction) shall mean the courts of the Republic of Ireland.

DPO and EU Representative

Our Data Protection Officer (DPO) and an EU Representative can be reached as indicated below.

Data Protection Officer: Ksenia Turk
Address: 380 New York St., Redlands, CA 92373
Telephone: +1 909 793 2853

EU Representative: nFrames GmbH, Esri R&D Center Stuttgart
Address: Kornbergstraße 36, 70176 Stuttgart, Germany
Telephone: +49 711 997 887 28

More information

If you have any questions or concerns regarding privacy issues or the GDPR, please contact

Questions about privacy use on

Add New Playlist

Contact Us

Thank you!

We have received your request and will send updates about to your email:

Sign Up For Updates

Skip to content