All Terms

GDPR Compliance

Last updated November 12, 2019

Udacity and the General Data Protection Regulation

The GDPR enters into force on May 25, 2018.

The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data of EU data subjects and harmonize EU data protection law.

Who is affected by GDPR?

The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer any goods and services to people in the European Union, or that collect and analyze data tied to European data subjects.

How has Udacity been preparing for the GDPR?

At Udacity we are committed to maintaining an effective security and privacy program. We recently updated our privacy policy and terms of use to meet the standard of GDPR and to reflect further transparency around our uses of user data. We are dedicated to ensuring our Students and Partners have the highest confidence in our data protection practices and see GDPR as an opportunity to strengthen this devotion.

What key changes did Udacity make?

Udacity evaluated all new requirements and restrictions imposed by the GDPR and below are the steps taken. We are taking any action necessary to ensure that we handle your personal data in compliance with applicable law. You will receive notifications of changes to our Terms within the Udacity website. As further regulations are published by the EU, we will continue to review our terms.

  • Policies and Terms - Our legal documentation (namely our Privacy Policy, our Cookie Policy, our Data Processing Agreements and our Terms of Use) will be updated to reflect any product changes. Anytime we make changes to our terms, we hope to make it easy for you and our entire community - to understand the changes and the choices and control you have over your data.
  • Product Changes - Our technology and security teams have worked hard to make changes to the Udacity service to meet the standards of GDPR. Among the new tools, we added a reference to the setting that allows you to control whether you want to share specific content with third parties, we have added features to ensure proper standards for consents and lawful processing, and we will shortly have features for the deletion and potability of your data.
  • Age Restrictions - In accordance with GDPR, we have changed the age of consent for the use of our services by European data subjects.
  • Our Service Providers - GDPR requires us to ensure our data processors providing sufficient guarantees to implement appropriate technical and organizational privacy measures and we have endeavored to implement such measures throughout our platform. We have likewise undertaken a project with all of our vendors to ensure compliance with those obligations where data is processed by them. Moving forward, we will continue to review all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
  • Our Enterprise Partners - Udacity implements physical, personnel, IT and vendor security practices and policies that are consistent with industry practices and the level of data that is provided and hosted by Udacity.

If you’re already a Udacity Student, you will have received updated consents for our privacy policy and terms of use.

If you are an Enterprise or Hiring Partner, please contact your account manager if you have any further questions or comments. If you do not yet have a business relationship with Udacity, please drop us a line at

EEA data subjects can contact Udacity’s data protection officer by emailing

DISCLAIMER: This page is provided as a source of general information. It is not and should not be treated as legal advice to any individual user.