Slack · Slack Terms of Service

Data Processing Addendum and GDPR Compliance

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

If your organization has employees or users in the EU or other regions with data protection laws, a separate Data Processing Addendum automatically applies to your use of Slack, setting out how Slack handles personal data as your organization's data processor.

Consumer impact (what this means for users)

EU and UK employees whose personal data is processed in Slack are protected by the terms of the DPA, which governs how Slack handles their data as a processor — but the adequacy of these protections depends on the Customer having properly activated and reviewed the DPA.

Cross-platform context

See how other platforms handle Data Processing Addendum and GDPR Compliance and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The DPA is critical for GDPR compliance — organizations using Slack to process EU personal data must ensure the DPA is properly executed and covers all data flows, or they face regulatory liability under GDPR Article 28.

View original clause language
To the extent that Slack processes any Personal Data (as defined in the Data Processing Addendum) on behalf of Customer in the provision of the Services, the terms of Slack's Data Processing Addendum, which are hereby incorporated by reference, shall apply and the parties agree to comply with such terms. The DPA is available at slack.com/terms-of-service/data-processing.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision directly implements GDPR Article 28 (processor agreements), Article 46 (international transfer mechanisms via Standard Contractual Clauses), and UK GDPR equivalent provisions post-Brexit. The Irish DPC is the lead supervisory authority for Slack's EU operations. The CCPA §1798.140 service provider framework is also engaged for California personal data.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority over US companies' data processing practices under Section 5 of the FTC Act, including compliance with cross-border data transfer commitments.
    File a complaint →
  • State AG
    State Attorneys General, particularly in California, have authority to enforce CCPA compliance including the adequacy of service provider agreements equivalent to GDPR DPAs.
    File a complaint →

Provision details

Document information
Document
Slack Terms of Service
Entity
Slack
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003515
Document ID
CA-D-00191
Evidence Provenance
Source URL
https://slack.com/terms-of-service
Wayback Machine
View archived versions →
SHA-256
967b1612d6d7230c93161d4185eac551b3dd9e7e81636161b14a850051644994
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Slack | Document: Slack Terms of Service | Record: CA-P-003515
Captured: 2026-04-27 14:04:01 UTC | SHA-256: 967b1612d6d7230c…
URL: https://conductatlas.com/platform/slack/slack-terms-of-service/data-processing-addendum-and-gdpr-compliance/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document