Mimecast Customer Data Processing Agreement

To assist you with your GDPR compliance efforts, please download the Data Processing Agreement (DPA) that contains revised or additional provisions to your underlying services agreement regarding the processing of personal data.  The DPA addresses matters such as audit, breach notification, transfer of data and the technical and organizational measures we have in place. The DPA incorporates, into our services, the terms required by Article 28 of the GDPR for contracts between Controllers and Processors and is necessarily tailored to our unique cloud platform, processes, procedures and services.

To assist you further and, in parts supplemental to the DPA, we have updated our Trust Center at https://www.mimecast.com/company/mimecast-trust-center/ which has a dedicated GDPR section and details much of the information you’ll need when assessing Mimecast against your own internal requirements. We also encourage you to look to our websites, blogs, and knowledgebase for how Mimecast can help, as well as garner insights from our own internal lessons learned to help inform your GDPR program.


If you require a Data Processing Agreement, please download the PDF, arrange for signature by an authorized representative of your company and return the signed copy to your Customer Success Manager. Once the DPA is signed by your company and returned to your Customer Success Manager, it will become a legally binding agreement between us.  You will receive an acknowledgment of receipt from your Customer Success Manager.

If you are a Reseller, Partner, MSP, vendor or otherwise have a different contractual relationship in place with us, please contact your Mimecast representative.