Data Processing Agreement (DPA)

From GM-RKB
(Redirected from data processing agreement)
Jump to navigation Jump to search

A Data Processing Agreement (DPA) is a confidentiality agreement between a data controller and a data processor.



References

2023

  • GBard
    • A data processing agreement (DPA) is a legally binding contract between a data controller and a data processor. It sets out the rights and obligations of each party with respect to the processing of personal data.

      A data controller is the entity that determines the purposes and means of processing personal data. A data processor is an entity that processes personal data on behalf of a data controller.

      DPAs are required by law in many jurisdictions, including the European Union under the General Data Protection Regulation (GDPR). They are also a good business practice, as they help to protect both the data controller and the data processor from legal liability.

    • A DPA should typically include the following provisions:
      • The scope of the processing: What types of personal data will be processed? For what purposes?
      • The security measures that will be implemented to protect the personal data
      • The rights of the data controller and the data processor, including the right to audit the processing and to have the personal data deleted
      • The process for handling data breaches