In short
A contract required by GDPR (Article 28) between a data controller and any data processor who handles personal data on their behalf.
It specifies what data is processed, for what purpose, for how long, and what security measures the processor must maintain.
Where it bites
DPA (Data Processing Agreement) matters when a workflow touches personal data, accessibility law, or procurement risk. The cost is rarely the definition; it is the unowned process behind it.
What to check
- Which legal trigger applies?
- Where is the process documented?
- Who can prove the control works in production?