What is a Data Processing Agreement?
A Data Processing Agreement is a legally binding contract between a data controller and a data processor that governs how personal data will be processed, ensuring compliance with data protection regulations.
A Data Processing Agreement (DPA) is a legally binding contract required under Article 28 of the GDPR between a data controller and a data processor. It sets out the subject matter and duration of the processing, the nature and purpose of the processing, the types of personal data and categories of data subjects, and the obligations and rights of the controller. The DPA must be in writing, including electronic form.
The GDPR mandates specific provisions in DPAs, including that the processor only acts on documented instructions from the controller, ensures that processing personnel are bound by confidentiality obligations, implements appropriate security measures, assists the controller in responding to data subject requests, supports the controller in complying with breach notification and DPIA obligations, deletes or returns all personal data at the end of the relationship, and makes available all information necessary to demonstrate compliance.
ComplyIQ provides DPA templates aligned with GDPR requirements and tracks DPA status across all vendor relationships. This ensures organizations maintain an up-to-date inventory of processor agreements and can demonstrate to supervisory authorities that appropriate contractual protections are in place for all third-party processing.
Related Terms
Standard Contractual Clauses (SCC)
Standard Contractual Clauses are pre-approved model contractual clauses adopted by the European Commission to facilitate lawful international transfers of personal data to countries outside the EEA.
Data Breach Notification
Data breach notification is the legal requirement for organizations to inform supervisory authorities and affected individuals when a security incident results in unauthorized access to, or loss of, personal data.
Accountability Principle
The accountability principle requires organizations to demonstrate their compliance with data protection principles through proper documentation, policies, procedures, and technical measures.