Skip to content

GDPR Compliance – What you need to know

Loren Buhle Author






DNAnexus is updating our Data Processing Addendum to reflect the General Data Protection Regulation (GDPR) that comes into effect on 25-May-2018.  This is a major regulation impacting the collection, use and retention of personal information for all citizens of countries belonging to the European Union. While DNAnexus is a Data Controller for the information users place on our system to enroll and use the DNAnexus Platform, our primary role is a data processor of data uploaded to our Platform by our Customers.

The scope of GDPR is any personal information from citizens of countries belonging to the European Union. If you use data originating from these citizens (regardless of where the citizen physically resides), it is covered by GDPR. If you collect this personal information,  you need to ask its origin.

Our new Data Processing Addendum (“DPA”) can be accessed here. The DPA is a contractual agreement between our customers and DNAnexus focusing on how DNAnexus handles personal identifying information originating from citizens of countries belonging to the EU. Our DPA will become effective coincident with the effective date of GDPR on 25-May-2018.

If you have users or data from citizens of countries that are part of the EU, we recommend you review your Consent Policies to make sure they are compliant with the new regulations outlined in the GDPR. For example, do your consent forms clearly describe the intended use of the data, provide a mechanism for the citizen to correct, obtain a personal copy or request removal of their information? Do you have a process for tracking requests, providing responses in a timely fashion, and providing evidence that you have met your obligations?

Learn how DNAnexus can help

DNAnexus works with our customers to understand the impact of privacy on genomic analysis, the regulatory requirements of storing sensitive data within specific geographic regions and moving these data across jurisdictions. The DNAnexus platform provides specific capabilities to help you be GDPR compliant quickly and painlessly.  We share the benefits and challenges of these experiences with you to help you manage your risks in an ongoing and predictable fashion. From initial assessment to implementation, we’re here to help you achieve your goals.

Section 11.2 of DNAnexus’ amended privacy policy at provides specific details of how DNAnexus addresses GDPR.

If you have any questions about this update or GDPR, please don’t hesitate to reach out to your account team or contact us through

About DNAnexus

DNAnexus the leader in biomedical informatics and data management, has created the global network for genomics and other biomedical data, operating in 33 countries including North America, Europe, China, Australia, South America, and Africa. The secure, scalable, and collaborative DNAnexus Platform helps thousands of researchers across a spectrum of industries — biopharmaceutical, bioagricultural, sequencing services, clinical diagnostics, government, and research consortia — accelerate their genomics programs.

The DNAnexus team is made up of experts in computational biology and cloud computing who work with organizations to tackle some of the most exciting opportunities in human health, making it easier—and in many cases feasible—to work with genomic data. With DNAnexus, organizations can stay a step ahead in leveraging genomics to achieve their goals. The future of human health is in genomics. DNAnexus brings it all together.