EU's GDPR and Asana


I’m using Asana to manage my tasks in educational administration. Until now, I have forwarded emails from students into Asana. The new EU GDPR directive does not allow us to save data about persons for more than a certain time.
This means that I have to delete information about persons that I have already sent to Asana (completed tasks), and I need to know what happens with deleted data. It would also be very useful with a better search tool to find the tasks that contain personal information.
What have you planned to do about this? GDPR is soon here, and you don’t seem to have taken the necessary steps to deliver an updated, legal service. I hope I am wrong, as I heavily rely on my Asana account. Can you please inform us? I think there should be much more information about this on your security info page.


Hi @Sigrun_Eng,

I recommend that you visit this blog post about Asana and GDPR.

Please let us know if you have follow up questions.



hi! I’ve read this and your other articles on the GDPR. You mention you offer data processing agreements and Model Contractual Clauses – however you don’t specify how to get these. what would be the best way to go about this?



I am with Martin… how do I get a Data Processing Agreement with you?
Also, I can’t find where to mark myself as data processor with deletion power.


Ditto. We would also like to request this, but it appears to be difficult to contact you directly to ask. Please let us know how to enter into the DPA.


Here is another one interested in the DPA. At least in the german version ( of the text it only says that we can make an agreement, not how.
Cheers, Bastian


Hello all, same here.
All I got was:

“Our Data Processing Addendum is a document that we provide to our premium and enterprise customers for whom we serve as a “Data Processor” under the GDPR and with whom we have entered into a Master Services Agreement (“MSA”).”

It would be nice to know if non-premium customers get the same protection afforded to premium customers, or if ensuring GDPR compliance forces users to get a premium account.