For each listed subprocessor, the document states the specific processing purpose that entity performs, such as cloud hosting, analytics, customer support, billing, or security tooling, allowing controllers to assess data minimization and purpose limitation compliance.
This analysis describes what Datadog's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision supports controller obligations under GDPR Article 5(1)(b) purpose limitation and Article 5(1)(c) data minimization by disclosing the specific function each subprocessor performs, enabling controllers to assess whether data flows to each entity are proportionate to the stated purpose.
Interpretive note: The specific purpose descriptions per subprocessor could not be directly extracted from the HTML provided; this description reflects standard subprocessor list conventions.
This provision establishes that each subprocessor is linked to a defined processing function, which business customers can use to determine whether the processing scope aligns with their own data processing agreements and purpose limitation requirements.
Cross-platform context
See how other platforms handle Processing Purpose Disclosure per Subprocessor and similar clauses.
Compare across platforms →Monitoring
Datadog has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
1) REGULATORY LANDSCAPE: GDPR Articles 5(1)(b) and 5(1)(c) require that personal data be processed for specified, explicit, and legitimate purposes and limited to what is necessary. Disclosure of processing purposes per subprocessor supports controller compliance with these principles. Relevant enforcement authorities are EU national supervisory authorities. 2) GOVERNANCE EXPOSURE: Low to Medium. The disclosure of purpose per subprocessor is consistent with standard subprocessor list practice, but controllers must verify that the stated purposes align with the scope of data actually shared with each entity and with the purposes described in their own privacy notices. 3) JURISDICTION FLAGS: EU/EEA and UK customers have the strongest regulatory basis for requiring purpose-specific disclosure. California customers may also assess whether the stated purposes are consistent with CCPA service provider limitations. 4) CONTRACT AND VENDOR IMPLICATIONS: Controllers should confirm that their DPA with Datadog restricts each subprocessor to the stated processing purpose and prohibits secondary use. This is a standard due diligence item when reviewing processor engagements. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should cross-reference stated processing purposes against their data flow maps and privacy notices to ensure consistency. Where a subprocessor's stated purpose is broadly described, additional clarification from Datadog may be appropriate.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision supports controller obligations under GDPR Article 5(1)(b) purpose limitation and Article 5(1)(c) data minimization by disclosing the specific function each subprocessor performs, enabling controllers to assess whether data flows to each entity are proportionate to the stated purpose.
This provision establishes that each subprocessor is linked to a defined processing function, which business customers can use to determine whether the processing scope aligns with their own data processing agreements and purpose limitation requirements.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Datadog.