Compliance

Data Processing Agreement

A legally binding contract between a data controller and a data processor that governs how personal data is handled.

A Data Processing Agreement (DPA) is a legally binding contract between a data controller and a data processor that sets out the terms and conditions of the data processing arrangement.

Subject matter and duration of processing
Nature and purpose of processing
Type of personal data and categories of data subjects
Obligations and rights of the controller
Processor's obligation to process data only on documented instructions
Confidentiality obligations
Security measures
Sub-processor management
Assistance with data subject rights
Data deletion or return upon termination
Audit rights

Legal Reference

GDPR Article 28(3).

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

Data ControllerPrivacy

The entity that determines the purposes and means of processing personal data.

Data ProcessorPrivacy

An entity that processes personal data on behalf of a data controller.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Sub-ProcessorCompliance

A third party engaged by a data processor to process personal data on behalf of the data controller.

Data Portability Data Processor

Data Processing Agreement

Required Content Under GDPR

Legal Reference

Related Terms