Data Processing Agreement (DPA)
A GDPR-required contract governing the processing of personal data by a processor on behalf of a controller.
Under GDPR Article 28, controllers must enter into a Data Processing Agreement with every processor who handles personal data on their behalf. The DPA must specify: the subject matter and duration of processing, the nature and purpose of processing, the type of personal data and categories of data subjects, the obligations and rights of the controller. It must also require the processor to: process data only on controller instructions, maintain security measures, notify the controller of breaches without undue delay, delete or return data at the end of the relationship, and allow audits.
DPAs have become a compliance baseline for any SaaS product sold to EU customers. Every vendor in the data supply chain — processors and subprocessors — requires a corresponding DPA. Document intelligence helps data protection officers verify that DPAs are in place across the vendor landscape, identify DPAs missing required GDPR provisions, and track subprocessor lists for changes that require controller notification.
Related Terms
More compliance Terms
General Data Protection Regulation (GDPR)
The European Union regulation governing how organizations collect, process, store, and protect personal data.
SOC 2
An auditing framework that evaluates an organization's controls for security, availability, processing integrity, confidentiality, and privacy.
HIPAA
The U.S. federal law that establishes standards for protecting sensitive patient health information.
Audit Trail
A chronological record of system activities that provides documentary evidence of the sequence of actions performed.
Data Privacy
The practice of handling personal information in accordance with legal requirements and individual expectations about data use.
PCI DSS
The Payment Card Industry Data Security Standard — a set of requirements for organizations that handle credit card information.
Analyze Documents Related to Data Processing Agreement (DPA)
Upload any document and get AI-powered analysis with verifiable citations.
Start Free