I develop a bunch of (public) Shopify apps. Recently, a user has asked me for a signed Data Processing Agreement DPA. A few months ago when I did my research regarding the GDPR, I found no information about such an agreement.
Is this something that I am obliged to provide?
I'm very sure that you need to have a DPA with every app if you use Shopify. (don't take my personal opinion as fact!!!)
As a merchant, I am really struggling with this topic right now, and even after talking to the Shopify Support Team I don't have a clear picture on the topic, which is why I need to talk to every App's support team now, just to doublecheck. As a merchant, it's my responsibility. You would really make our lifes easier if you integrate an agreement into your business terms and provide us with the information that we already have a DPA with you.
Would be awesome to get a definitive answer from some of the Gurus or Support Team.
Best of luck, Raph