Data Protection
23andMe is committed to the robust data privacy and security protections enabled by GDPR compliance.

In 2016 the European Commission approved and adopted the General Data Protection Regulation (GDPR), a new framework for European data protection law. The GDPR is effective as of May 25, 2018 and applies to companies who process personal data of individuals in the EU. The GDPR strengthens the rights these individuals have regarding personal data relating to them, and seeks to unify data protection laws across Europe, regardless of where data is processed.

What is the GDPR?

The GDPR is a new European data protection law which replaces the existing EU data protection regime under Directive 95/46/EC. The GDPR sets out provisions intended to harmonize data protection laws throughout the EU by applying a single data protection law that is binding throughout all Member States. The GDPR is effective as of May 25, 2018.

Does the GDPR apply to 23andMe?

The GDPR applies to virtually all organisations, including 23andMe, that process the personal data of EU residents through services offered to them, regardless of whether the organization is physically based in the EU. The GDPR applies to 23andMe because we market and provide the Personal Genetic Service in EU Member States through our UK, EU and International sites. For a list of countries we ship to in the EU, click here.

Your 23andMe Data

23andMe is committed to GDPR compliance through our robust data privacy and security protections. This page, our full privacy statement, terms of service, sample storage consent document and frequently asked questions all provide information meant to help you understand our practices. If you have questions, please contact us at privacy@23andMe.com.

Step One
1. When, how, and why your data is processed.

23andMe is committed to being transparent about the kinds of information we collect, the reasons we collect it, and how it is used.

For a full overview of 23andMe's processing activities, please review our privacy statement. To change your cookie settings, please visit our cookie policy.

More on processing personal data
More on processing sensitive personal data
Step Two
2. Accessing, downloading, and deleting your data.

At its core, the GDPR is about enabling individuals to find out what personal data we hold about them, why we hold it, and who we disclose it to.

Learn how to access and download your data
Learn how to delete your data
Learn about other rights you have regarding your data
Step Three
3. Managing our third party service providers.

23andMe directly conducts the majority of data processing activities required to provide our Ancestry and Health + Ancestry Services to you. However, we do engage some third party service providers to assist in supporting these Services, including in the following areas:

  • Our genotyping lab, LabCorp
  • Customer Care
  • Cloud storage
  • Marketing and analytics
  • IT and Security

Our rigorous selection process ensures each third party service provider complies with the GDPR and can deliver the appropriate level of security and data protection. Please review our Privacy Statement for more information about our third party service providers.

Step Four
4. Safeguarding your data.

Under the GDPR, organizations that collect and store personal data must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with processing personal data. 23andMe uses industry-leading organizational and technical measures to keep personal data secure. Learn more.

Step Five
5. International data transfers.

To comply with European legal requirements around international data transfer mechanisms, we self-certify under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

Want to learn more? Review our FAQ's on data protection or submit an inquiry to Customer Care.

Two easy ways to discover you.

€99 €74
Ancestry
Service
Get a breakdown of your global ancestry, connect with DNA relatives and more.
€169
Health +
Ancestry Service
Receive 75+ online reports on your ancestry, traits and health - and more.
shop now