DPA
Updated on Thu Nov 30
Data Processing Agreement (DPA)
Introduction
This Data Processing Agreement (“Agreement”) outlines the terms and responsibilities related to the processing of personal data by [Processor’s Name] (“Processor”) on behalf of [Controller’s Name] (“Controller”), in accordance with the requirements of data protection laws applicable to the processing of personal data.
Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data.
- Data Subject: An identified or identifiable natural person whose personal data is processed by the Processor on behalf of the Controller.
Scope and Purpose
The purpose of this Agreement is to ensure the lawful and compliant processing of Personal Data by the Processor, as instructed by the Controller, and to define the rights and obligations of both parties.
Data Processing Terms
- Processing Instructions: The Processor agrees to process personal data only based on documented instructions from the Controller, unless required to do so by law.
- Security of Processing: The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
- Subprocessing: The Processor shall not engage another processor without prior specific or general written authorization from the Controller.
- Data Subject Rights: The Processor shall assist the Controller in ensuring compliance with the data subjects’ rights under the applicable data protection laws.
- Data Breach Notification: The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach.
Duration and Termination
This Agreement shall remain in effect as long as the Processor is processing Personal Data on behalf of the Controller. Upon termination, the Processor shall, at the choice of the Controller, delete or return all Personal Data to the Controller and delete existing copies unless EU law or the national law of an EU member state requires storage of the personal data.
Governing Law
This Agreement shall be governed by the laws of [Jurisdiction].
Signature
This Agreement has been entered into on the date of the last signature below.
[Controller’s Name] Signature: ___________________________ Date: ___________
[Processor’s Name] Signature: _____________________________ Date: ___________