Data Processing Agreement (DPA)
A data processing agreement (DPA) is a contract between a data controller and a data processor (data processor) under the GDPR (General Data Protection Regulation).
It presents the responsibilities regarding the processing of personal data. Articles 28, 29, 30 and 32 of the GDPR specify the requirements for DPAs, focusing on data protection and security.
It may typically contain: Identification of parties, Purpose and scope, Description of processing, Responsibilities of parties, Data security measures, Privacy, Rights of data subjects, Subcontracting, Data transfers, Audit and compliance, Term and termination, Liability and indemnification , Applicable Law and Dispute Resolution.
The GDPR is a European Union regulation on information privacy in the European Union and the European Economic Area.